Approved changes feed: RSS · Atom
cpe:2.3:a:thimpress:wp_pipes:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Thimpress (3359de0e-d602-5f4a-8b30-12c81ab7a63c) |
|---|---|
| Product | Wp Pipes (a458b238-09da-5500-a8f7-bf5bd5deeb69) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wp-plugins/wp-pipes |
purl2cpe | 2026-06-01 10:11:30.862074 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-60227 |
vulnerable | 2026-06-03 15:07:55.950919 |
WordPress WP Pipes plugin <= 1.4.3 - Arbitrary File Deletion vulnerability
HIGH (8.6)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3.
Published: 2025-10-22T14:32:46.277Z
Updated: 2026-04-28T16:13:58.105Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-48267 |
vulnerable | 2026-06-03 15:01:34.352413 |
WordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion Vulnerability
HIGH (8.6)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2.
Published: 2025-06-09T15:53:55.539Z
Updated: 2026-04-28T16:12:54.364Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-47664 |
vulnerable | 2026-06-03 15:01:33.199794 |
WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability
MEDIUM (4.4)
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2.
Published: 2025-05-07T14:20:48.744Z
Updated: 2026-04-28T16:12:49.648Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-28982 |
vulnerable | 2026-06-03 15:00:14.066084 |
WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability
CRITICAL (9.3)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3.
Published: 2025-07-16T11:28:11.175Z
Updated: 2026-04-28T16:11:52.496Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-28979 |
vulnerable | 2026-06-03 15:00:14.057774 |
WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability
HIGH (8.1)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3.
Published: 2025-08-14T10:34:33.537Z
Updated: 2026-04-28T16:11:52.183Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-28977 |
vulnerable | 2026-06-03 15:00:14.054943 |
WordPress WP Pipes Plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability
HIGH (7.1)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3.
Published: 2025-08-20T08:03:48.107Z
Updated: 2026-04-28T16:11:52.106Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12283 |
vulnerable | 2026-06-03 14:54:16.014494 |
WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter
MEDIUM (6.1)
The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-12-11T08:57:28.851Z
Updated: 2026-04-08T16:47:02.315Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40009 |
vulnerable | 2026-06-03 14:52:42.349187 |
WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)
MEDIUM (5.4)
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
Published: 2023-10-03T12:45:15.131Z
Updated: 2026-04-28T16:08:35.830Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-45355 |
vulnerable | 2026-06-03 14:48:24.028898 |
WordPress WP Pipes Plugin <= 1.33 is vulnerable to SQL Injection (SQLi)
HIGH (8.2)
Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.
Published: 2023-03-29T18:35:28.901Z
Updated: 2026-04-28T16:07:52.271Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.