Wp Pipes
Monthly
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS.4.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery.4.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS.4.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion.4.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Path traversal vulnerability in ThimPress WP Pipes that allows unauthenticated remote attackers to access files outside restricted directories, potentially causing denial of service or information disclosure. Versions through 1.4.2 are affected. The vulnerability has a high CVSS score of 8.6 due to network accessibility and no authentication requirements, though the impact is limited to availability rather than confidentiality or integrity.
Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery.4.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.