Server-Side Request Forgery Vulnerability in ThimPress WP Pipes
CVE-2025-47664

4.4MEDIUM

Key Information:

Vendor: WordPress
Status: WP Pipes
Vendor: CVE Published:; 7 May 2025

Summary

The SSRF vulnerability in ThimPress WP Pipes allows an attacker to send crafted requests from the server to internal resources. This can lead to unauthorized access to sensitive data, as well as potential exploitation of additional vulnerabilities within the internal network. Versions affected include WP Pipes from n/a up to 1.4.2, which emphasizes the need for users to update their installations promptly to mitigate potential risks.

Affected Version(s)

WP Pipes <= 1.4.2

References

https://patchstack.com/database/wordpress/plugin/wp-pipes...

vdb-entry

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

domiee13 (Patchstack Alliance)