What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3.
CVE-2025-28982
CRITICAL
CVE-2025-28982: WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability
CVSS base score
9.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Key dates
02Disclosure timeline
July 16, 2025
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-4911 Campcodes Complete Web-Based School Management System student_exam_mark_update_form.php sql injection
CVE-2024-5523 SQL injection vulnerability in Astrotalks
CVE-2023-0675 Calendar Event Management System sql injection
CVE-2020-6127
CVE-2024-0466 code-projects Employee Profile Management System file_table.php sql injection
