WP Pipes

Information

Software Type	Plugin
Software Slug	wp-pipes (view on wordpress.org)
Software Status	Removed
Software Author	thimpress
Software Website	thimpress.com
Software Downloads	131,207
Software Active Installs	400
Software Record Last Updated	March 23, 2026

9 Vulnerabilities

Submit a Vulnerability

WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting

6.1

CVE-2025-28977

Aug 14, 2025

Researcher: LVT-tholv2k

WP Pipes <= 1.4.3 - Unauthenticated Local File Inclusion

8.1

CVE-2025-28979

Jul 22, 2025

Researcher: LVT-tholv2k

WP Pipes <= 1.4.3 - Unauthenticated SQL Injection

7.5

CVE-2025-28982

Jul 8, 2025

Researcher: LVT-tholv2k

WP Pipes <= 1.4.3 - Unauthenticated Arbitrary File Deletion

9.1

CVE-2025-60227

Jul 6, 2025

Researcher: LVT-tholv2k

WP Pipes <= 1.4.2 - Unauthenticated Arbitrary File Deletion

9.1

CVE-2025-48267

May 30, 2025

Researcher: timomangcut

WP Pipes <= 1.4.3 - Authenticated (Administrator+) Server-Side Request Forgery

5.5

CVE-2025-47664

May 7, 2025

Researcher: domiee13

WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter

6.1

CVE-2024-12283

Dec 10, 2024

Researcher: vgo0

WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update

4.3

CVE-2023-40009

Aug 11, 2023

Researcher: Nguyen Xuan Chien

WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection

9.8

CVE-2022-45355

Dec 20, 2022

Researcher: Kévin Mosbahi (Mika)

Title	Status	CVE ID	CVSS	Researchers	Date
WP Pipes <= 1.4.3 - Reflected Cross-Site Scripting	Unpatched	CVE-2025-28977	6.1	LVT-tholv2k	August 14, 2025
WP Pipes <= 1.4.3 - Unauthenticated Local File Inclusion	Unpatched	CVE-2025-28979	8.1	LVT-tholv2k	July 22, 2025
WP Pipes <= 1.4.3 - Unauthenticated SQL Injection	Unpatched	CVE-2025-28982	7.5	LVT-tholv2k	July 8, 2025
WP Pipes <= 1.4.3 - Unauthenticated Arbitrary File Deletion	Unpatched	CVE-2025-60227	9.1	LVT-tholv2k	July 6, 2025
WP Pipes <= 1.4.2 - Unauthenticated Arbitrary File Deletion	Patched	CVE-2025-48267	9.1	timomangcut	May 30, 2025
WP Pipes <= 1.4.3 - Authenticated (Administrator+) Server-Side Request Forgery	Unpatched	CVE-2025-47664	5.5	domiee13	May 7, 2025
WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter	Patched	CVE-2024-12283	6.1	vgo0	December 10, 2024
WP Pipes <= 1.4.0 - Cross-Site Request Forgery to Settings Update	Patched	CVE-2023-40009	4.3	Nguyen Xuan Chien	August 11, 2023
WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection	Patched	CVE-2022-45355	9.8	Kévin Mosbahi (Mika)	December 20, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation