Thimpress Wp Pipes

9 CVEs affecting Thimpress Wp Pipes. Latest disclosed: 2025-10-22. Critical: 1, High: 5.

Top CVEs affecting Thimpress Wp Pipes
CVESeverityScorePublishedSummary
CVE-2025-28982Critical9.32025-07-16Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affec…
CVE-2025-60227High8.62025-10-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue af…
CVE-2025-48267High8.62025-06-09Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP…
CVE-2022-45355High8.22023-03-29Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.
CVE-2025-28979High8.12025-08-14Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local Fi…
CVE-2025-28977High7.12025-08-20Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affec…
CVE-2024-12283Medium6.12024-12-11The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to ins…
CVE-2023-40009Medium5.42023-10-03Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
CVE-2025-47664Medium4.42025-05-07Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.