Thimpress Wp_pipes
9 CVEs affecting Thimpress Wp_pipes. Latest disclosed: 2025-10-22. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-28982 | Critical | 9.3 | 2025-07-16 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affec… |
CVE-2025-60227 | High | 8.6 | 2025-10-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue af… |
CVE-2025-48267 | High | 8.6 | 2025-06-09 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP… |
CVE-2022-45355 | High | 8.2 | 2023-03-29 | Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions. |
CVE-2025-28979 | High | 8.1 | 2025-08-14 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local Fi… |
CVE-2025-28977 | High | 7.1 | 2025-08-20 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affec… |
CVE-2024-12283 | Medium | 6.1 | 2024-12-11 | The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to ins… |
CVE-2023-40009 | Medium | 5.4 | 2023-10-03 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. |
CVE-2025-47664 | Medium | 4.4 | 2025-05-07 | Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. |