CVE-2025-28979

High CVSS: 8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3.

Vendor

Thimpress

Product

Wp Pipes

CWE

CWE-98

Yayın Tarihi

2025-08-14 11:15:31

Güncelleme

2025-12-01 18:07:07

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-98 Wp Pipes HIGH Thimpress 2025

Referanslar

https://patchstack.com/database/wordpress/plugin/wp-pipes/vulnerability/wordpress-wp-pipes-1-4-3-local-file-inclusion-vulnerability?_s_id=cve

Benzer Kayıtlar

High

CVE-2025-60227

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pi…

High

CVE-2025-28977

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes…

Critical

CVE-2025-28982

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes…

High

CVE-2025-48267

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allow…

Medium

CVE-2024-13127

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow h…

Medium

CVE-2024-13128

The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow h…