cleantalk
Vulnerabilities and Security Researches

WP Pipes, CVE-2025-28979

CVE, Research URL

CVE-2025-28979

Home page URL

Security reports for WP Pipes

Application

WP Pipes

Published on
Aug 14, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3.
Affected versions
max 1.4.3.
Status
vulnerable
Previous vulnerability researches
WP Pipes (CVE-2025-28982) , Jul 19, 2025
WP Pipes (CVE-2023-40009) , Jun 07, 2024
WP Pipes (CVE-2022-45355) , Jun 07, 2024
WP Pipes (CVE-2024-12283) , Dec 12, 2024
WP Pipes (CVE-2025-48267) , Jun 06, 2025
New vulnerability
Greenshift – animation and page builder blocks (CVE-2025-11841) , Nov 11, 2025
Range Slider AddOn for Gravity Forms (CVE-2025-49905) , Nov 11, 2025
YOP Poll (CVE-2025-62040) , Nov 11, 2025
Insert Headers and Footers Code – HT Script (CVE-2025-12112) , Nov 11, 2025
Easy Appointments (CVE-2025-49398) , Nov 11, 2025