[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fQE9O4BBGz1Mt7CRRU-qq2q6bs-JVY8-_OloEVxhv_LQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":29,"last_vuln_date":30,"fetched_at":31,"vulnerabilities":32,"developer":145,"crawl_stats":38,"alternatives":153,"analysis":256,"fingerprints":676},"wp-pipes","WP Pipes","1.4.3","ThimPress","https:\u002F\u002Fprofiles.wordpress.org\u002Fthimpress\u002F","\u003Cp>Yahoo Pipes & Zapier are powerful online services for making pipeline of data, \u003Ca href=\"http:\u002F\u002Fthimpress.com\u002Fpipes\" title=\"WP Pipes plugin\" rel=\"nofollow ugc\">WP Pipes\u003C\u002Fa> by \u003Ca href=\"http:\u002F\u002Fthimpress.com\" title=\"WordPress Plugins & Themes for lazy people\" rel=\"nofollow ugc\">ThimPress\u003C\u002Fa> comes available to the WordPress community to bring such of powerful abilities to WordPress site, works right inside your WordPress site.\u003Cbr \u002F>\nYou can create many Pipes, give your Pipes input and get output as your needs.\u003C\u002Fp>\n\u003Ch3>WordPress Data Migration\u003C\u002Fh3>\n\u003Cp>Powerful Data Migration WordPress plugin: CSV importing for Posts\u002FWooCommerce, RSS Feed Creator, AutoBlogging, auto post to Twitter\u002FFacebook\u002FLinkedIn.\u003C\u002Fp>\n\u003Ch3>WordPress Content Curation\u003C\u002Fh3>\n\u003Cp>Curated Content is still safe with SEO, and this content curation plugin for WordPress works perfectly to create curated content from RSS Feed, Google News or any other sources.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Are you looking for a great news WordPress theme?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You found it! 
Mag WP is an amazing magazine WordPress theme for a blog, news, newspaper, magazine, publishing industry and reviews website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fthemeforest.net\u002Fitem\u002Fmagazine-wordpress-theme-mag-wp\u002F19305239?utm_source=wporg&utm_medium=pipes&ref=thimpress&utm_campaign=magwp\" rel=\"nofollow ugc\">Read more\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fmagwp.thimpress.com\" rel=\"nofollow ugc\">View MagWP Demo\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>News and Magazine WordPress Themes\u003C\u002Fh3>\n\u003Cp>As you are using WP Pipes, most of the time you will use it for a newspaper or magazine website. Take a look at MagWP, \u003Cstrong>the only Magazine WordPress theme\u003C\u002Fstrong> we developed to work perfectly with Pipes and to publish content professionally on the web.\u003Cbr \u002F>\nIt has many functions and demos which looks \u003Cstrong>90% similar to great newspapers like Nytimes, Bloomberg, Lifehack, Pinterest, etc\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FzLHFqAHQj2A?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&hd=1&cc_load_policy=1&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\n\u003Ch4>Here are things you can do with WP Pipes (just like Yahoo Pipes):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>RSS Feed to post\u003C\u002Fstrong>: a powerful RSS Feed to Post solution, get newsfeed from RSS Feed source and store into your WordPress as posts.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Creator\u003C\u002Fstrong>: getting Posts from WordPress Posts > Export as 
RSS Feed.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iTunes Podcast creator\u003C\u002Fstrong>: get Posts from WordPress Posts > Export as iTunes Podcast,\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google XML Sitemap generator\u003C\u002Fstrong>: get Posts from WordPress Posts > Export as Google XML Sitemap\u003C\u002Fli>\n\u003Cli>\u003Cstrong>WooCommerce RSS Feed creator\u003C\u002Fstrong>: get WooCommerce Products > Export as RSS Feed or Google XML Sitemap\u003C\u002Fli>\n\u003Cli>\u003Cstrong>CSV Importer for WooCommerce\u003C\u002Fstrong>: upload CSV files and import to WooCommerce.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Auto Social Poster\u003C\u002Fstrong>: post from Posts, WooCommerce Products, bbPress topics \u002F comments to Twitter, Facebook, LinkedIn, Google+ Moments, Pinterest, Vkontakle, …\u003Cbr \u002F>\n… It’s your plugin, freebie, we provide you a tools to make pipelines, just like Yahoo Pipes, do what ever you needs. This Yahoo Pipes style plugin will empower the WordPress CMS to a new high.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>FEATURES\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Requires PHP 5.3 or higher with JSON, cURL to work properly.\u003C\u002Fli>\n\u003Cli>Create unlimited pipes.\u003C\u002Fli>\n\u003Cli>Each Pipe will start by a SOURCE and finish by a DESTINATION.\u003C\u002Fli>\n\u003Cli>There is PROCESSOR between SOURCE and DESTINATION to process your Pipe.\u003C\u002Fli>\n\u003Cli>Builtin SOURCE: RSS, Post\u003C\u002Fli>\n\u003Cli>Builtin DESTINATION: Post, RSS, Sitemap\u003C\u002Fli>\n\u003Cli>Extra SOURCEs and DESTINATIONs will come up later.\u003C\u002Fli>\n\u003Cli>There are number of PROCESSORS: slug, text cutter, keywords filter, metadata\u003C\u002Fli>\n\u003Cli>Unlimited usage, there is no FREE or PRO version.\u003C\u002Fli>\n\u003Cli>Smart schedule to execute pipes using cronjob.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AVAILABLE SOURCES (more will come up later):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>RSS Reader: to read RSS Feed, to offer 
RSS Feed to Post functionality.\u003C\u002Fli>\n\u003Cli>Post: to read Posts from WordPress.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fthimpress.com\u002Fshop\u002Fcsv-source-pipes\u002F\" title=\"WordPress plugin import from CSV\" rel=\"nofollow ugc\">CSV: to read CSV files\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Email: to read mailbox.\u003C\u002Fli>\n\u003Cli>WooCommerce: to deal with WooCommerce products (coming soon)\u003C\u002Fli>\n\u003Cli>bbPress: to deal with bbPress topics (coming soon)\u003C\u002Fli>\n\u003Cli>Facebook (coming soon)\u003C\u002Fli>\n\u003Cli>WordPress.com: using oauth to connect to your blogs on wordpress.com.\u003C\u002Fli>\n\u003Cli>WordPress: deal with xmlrpc from WordPress (hosted or wordpress.com) (coming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AVAILABLE DESTINATIONS (more will come up later):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>RSS Creator: to create RSS Feed for WordPress.\u003C\u002Fli>\n\u003Cli>Post: to create Posts for WordPress. Can works with RSSReader source to offer RSS Feed to post functionality.\u003C\u002Fli>\n\u003Cli>WooCommerce: to create products in WooCommerce plugin.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fthimpress.com\u002Fshop\u002Fwordpress-com-destination-pipes\u002F\" title=\"WordPress plugin auto post to WordPress.com\" rel=\"nofollow ugc\">WordPress.com: to create post on WordPress.com blog\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fthimpress.com\u002Fshop\u002Fblogger-blogspot-destination-for-pipes\u002F\" title=\"WordPress plugin Auto post to Blogger \u002F Blogspot\" rel=\"nofollow ugc\">Blogger: to create blog post on Blogger\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>bbPress: to create topics in bbPress plugin. (coming soon)\u003C\u002Fli>\n\u003Cli>Email: to send a new email to a mailbox. 
(coming soon)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fthimpress.com\u002Fshop\u002Ftwitter-destination-pipes\u002F\" title=\"WordPress plugin Auto post to Twitter\" rel=\"nofollow ugc\">Twitter: to create Twitter tweets\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Facebook: to create message on Facebook personal wall. (coming soon)\u003C\u002Fli>\n\u003Cli>Facebook Page: to create message on Facebook Page. (coming soon)\u003C\u002Fli>\n\u003Cli>Facebook Group: to create message on Facebook Group. (coming soon)\u003C\u002Fli>\n\u003Cli>LinkedIn: to create message on LinkedIn personal wall. (coming soon)\u003C\u002Fli>\n\u003Cli>LinkedIn Group: to create message on LinkedIn Group wall. (coming soon)\u003C\u002Fli>\n\u003Cli>LinkedIn Company: to create message on LinkedIn Company wall. (coming soon)\u003C\u002Fli>\n\u003Cli>Vkontakle: to create message on Vkontakle (VK). (coming soon)\u003C\u002Fli>\n\u003Cli>Google Plus (Google+ or G+): to create message on Google+ \u002F G+ \u002F Google Plus. (comming soon)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>AVAILABLE PROCESSORS (more will come up later):\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Alias: create slug from text\u002Ftitle\u002Fsubject.\u003C\u002Fli>\n\u003Cli>Combine: combine fields together into one output field using shortcode. 
(new)\u003C\u002Fli>\n\u003Cli>Duplicate: check and prevent duplicate data items from source, recommend to use right after alias.\u003C\u002Fli>\n\u003Cli>Cut Introtext: cutting text into two parts.\u003C\u002Fli>\n\u003Cli>Get Fulltext: getting fulltext from a link.\u003C\u002Fli>\n\u003Cli>Get Images: get images from a link or html.\u003C\u002Fli>\n\u003Cli>Keywords Filter: filter by keywords with AND, OR and NOT operators.\u003C\u002Fli>\n\u003Cli>Strip Tags: strip html tags out of input html or text.\u003C\u002Fli>\n\u003Cli>Change Time: adjust date\u002Ftime.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>ROADMAP\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Writing more Source Addons: WooCommerce Products, Easy Digital Downloads, bbPress; will add ability to WP Pipes to create RSS Feed for WooCommerce, Easy Digital Downloads or bbPress.\u003C\u002Fli>\n\u003Cli>Writing more Destination Addons: Google Drive (to store document as Google Drive Docs),iTunes Podcast (to generate iTunes Podcast), Google XML Sitemap (to generate Google XML Sitemap).\u003C\u002Fli>\n\u003Cli>Custom schedule for each Pipe instead of the whole Pipes.\u003C\u002Fli>\n\u003Cli>Adding Pre-made \u002F Template Fields Matching sets.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>If you are looking for a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flearnpress\u002F\" title=\"WordPress LMS\" rel=\"ugc\">WordPress LMS\u003C\u002Fa>, check out our \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Flearnpress\u002F\" title=\"WordPress LMS Plugin\" rel=\"ugc\">WordPress LMS Plugin\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n","RSS Feed to Post\u002FbbPress, AutoBlogging, auto post to Twitter\u002FFacebook\u002FLinkedIn, CSV importing for Posts\u002FWooCommerce\u002FbbPress, RSS Feed 
Creator.",400,131114,86,37,"2025-05-09T03:41:00.000Z","6.8.5","6.0","7.4",[20,21,22,23,24],"auto-post","pipes","rss","syndicate","syndication","http:\u002F\u002Fthimpress.com\u002Fshop\u002Fpipes\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-pipes.zip",20,9,5,"2025-08-14 00:00:00","2026-03-15T15:16:48.613Z",[33,47,59,70,82,94,105,117,132],{"id":34,"url_slug":35,"title":36,"description":37,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":30,"updated_date":44,"references":45,"days_to_patch":38},"CVE-2025-28977","wp-pipes-reflected-cross-site-scripting","WP Pipes \u003C= 1.4.3 - Reflected Cross-Site Scripting","The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.",null,"\u003C=1.4.3","medium",6.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-02-04 03:25:32",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6277495a-f3a6-4f5a-9cec-2c0b293015b6?source=api-prod",{"id":48,"url_slug":49,"title":50,"description":51,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":52,"cvss_score":53,"cvss_vector":54,"vuln_type":55,"published_date":56,"updated_date":44,"references":57,"days_to_patch":38},"CVE-2025-28979","wp-pipes-unauthenticated-local-file-inclusion","WP Pipes \u003C= 1.4.3 - Unauthenticated Local File Inclusion","The WP Pipes plugin for WordPress is vulnerable to Local File Inclusion in versions up to, 
and including, 1.4.3. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Improper Control of Filename for Include\u002FRequire Statement in PHP Program ('PHP Remote File Inclusion')","2025-07-22 00:00:00",[58],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F4fb5b208-0443-4d75-902b-8687217e26fd?source=api-prod",{"id":60,"url_slug":61,"title":62,"description":63,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":52,"cvss_score":64,"cvss_vector":65,"vuln_type":66,"published_date":67,"updated_date":44,"references":68,"days_to_patch":38},"CVE-2025-28982","wp-pipes-unauthenticated-sql-injection","WP Pipes \u003C= 1.4.3 - Unauthenticated SQL Injection","The WP Pipes plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  
This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2025-07-08 00:00:00",[69],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9a7ad642-ace5-41c9-bd33-44e532326f25?source=api-prod",{"id":71,"url_slug":72,"title":73,"description":74,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":75,"cvss_score":76,"cvss_vector":77,"vuln_type":78,"published_date":79,"updated_date":44,"references":80,"days_to_patch":38},"CVE-2025-60227","wp-pipes-unauthenticated-arbitrary-file-deletion-2","WP Pipes \u003C= 1.4.3 - Unauthenticated Arbitrary File Deletion","The WP Pipes plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.4.3. 
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","critical",9.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","External Control of File Name or Path","2025-07-06 00:00:00",[81],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffb85aacf-a8cf-4054-97fd-b285fcc2a7f9?source=api-prod",{"id":83,"url_slug":84,"title":85,"description":86,"plugin_slug":4,"theme_slug":38,"affected_versions":87,"patched_in_version":6,"severity":75,"cvss_score":76,"cvss_vector":77,"vuln_type":88,"published_date":89,"updated_date":90,"references":91,"days_to_patch":93},"CVE-2025-48267","wp-pipes-unauthenticated-arbitrary-file-deletion","WP Pipes \u003C= 1.4.2 - Unauthenticated Arbitrary File Deletion","The WP Pipes plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the delete_template() function in all versions up to, and including, 1.4.2. 
This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","\u003C=1.4.2","Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","2025-05-30 00:00:00","2025-06-02 19:17:14",[92],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F0227cc13-8f19-43a2-95a1-f6e729baf256?source=api-prod",4,{"id":95,"url_slug":96,"title":97,"description":98,"plugin_slug":4,"theme_slug":38,"affected_versions":39,"patched_in_version":38,"severity":40,"cvss_score":99,"cvss_vector":100,"vuln_type":101,"published_date":102,"updated_date":44,"references":103,"days_to_patch":38},"CVE-2025-47664","wp-pipes-authenticated-administrator-server-side-request-forgery","WP Pipes \u003C= 1.4.3 - Authenticated (Administrator+) Server-Side Request Forgery","The WP Pipes plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.4.3. 
This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Server-Side Request Forgery (SSRF)","2025-05-07 00:00:00",[104],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa4f4605c-d3e4-4f6e-ba47-413049a27455?source=api-prod",{"id":106,"url_slug":107,"title":108,"description":109,"plugin_slug":4,"theme_slug":38,"affected_versions":110,"patched_in_version":111,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":112,"updated_date":113,"references":114,"days_to_patch":116},"CVE-2024-12283","wp-pipes-reflected-cross-site-scripting-via-x1-parameter","WP Pipes \u003C= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter","The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘x1’ parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. 
This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.","\u003C=1.4.1","1.4.2","2024-12-10 20:19:00","2024-12-11 08:57:59",[115],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F3aa56fc7-8d48-4149-afa7-8f9885de0674?source=api-prod",1,{"id":118,"url_slug":119,"title":120,"description":121,"plugin_slug":4,"theme_slug":38,"affected_versions":122,"patched_in_version":123,"severity":40,"cvss_score":124,"cvss_vector":125,"vuln_type":126,"published_date":127,"updated_date":128,"references":129,"days_to_patch":131},"CVE-2023-40009","wp-pipes-cross-site-request-forgery-to-settings-update","WP Pipes \u003C= 1.4.0 - Cross-Site Request Forgery to Settings Update","The WP Pipes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the save() function. 
This makes it possible for unauthenticated attackers to modify the plugin's setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","\u003C1.4.1","1.4.1",4.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:R\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Cross-Site Request Forgery (CSRF)","2023-08-11 00:00:00","2024-01-22 19:56:02",[130],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F094bf4e2-b774-4015-b6c6-c829c16556eb?source=api-prod",165,{"id":133,"url_slug":134,"title":135,"description":136,"plugin_slug":4,"theme_slug":38,"affected_versions":137,"patched_in_version":138,"severity":75,"cvss_score":139,"cvss_vector":140,"vuln_type":66,"published_date":141,"updated_date":128,"references":142,"days_to_patch":144},"CVE-2022-45355","wp-pipes-authenticated-admin-sql-injection","WP Pipes \u003C= 1.33 - Authenticated (Admin+) SQL Injection","The WP Pipes plugin for WordPress is vulnerable to SQL Injection  in versions up to, and including, 1.33 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. 
This makes it possible for authenticated attackers, with admin privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",">=1.0 \u003C=1.0","1.4.0",9.8,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","2022-12-20 00:00:00",[143],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fbca8b173-8e7c-41ad-9316-b38cc2ce0e66?source=api-prod",399,{"slug":146,"display_name":7,"profile_url":8,"plugin_count":147,"total_installs":148,"avg_security_score":149,"avg_patch_time_days":150,"trust_score":151,"computed_at":152},"thimpress",21,209200,87,265,70,"2026-04-03T23:30:51.024Z",[154,179,200,220,237],{"slug":155,"name":156,"version":157,"author":158,"author_profile":159,"description":160,"short_description":161,"active_installs":162,"downloaded":163,"rating":164,"num_ratings":165,"last_updated":166,"tested_up_to":167,"requires_at_least":168,"requires_php":169,"tags":170,"homepage":174,"download_link":175,"security_score":176,"vuln_count":29,"unpatched_count":177,"last_vuln_date":178,"fetched_at":31},"feedwordpress","FeedWordPress","2025.1211","C. Johnson","https:\u002F\u002Fprofiles.wordpress.org\u002Fradgeek\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"https:\u002F\u002Ffwpplugin.com\u002Fcontact\u002F\" rel=\"nofollow ugc\">C. Johnson\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Ffwpplugin.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Ffwpplugin.com\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>License: GPL 2. See License below for copyright jots and tittles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>FeedWordPress is an Atom\u002FRSS aggregator for WordPress. It syndicates content from feeds that you choose into your WordPress weblog, and then the content it syndicates appears as a series of special posts in your WordPress posts database. 
If you syndicate several feeds then you can use WordPress’s posts database and templating engine as the back-end of an aggregation (“planet”) website. It was developed, originally, as a utility\u002Fhobby project, because I needed a more flexible replacement for \u003Ca href=\"https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20051029095046\u002Fhttp:\u002F\u002Fwww.planetplanet.org\u002F\" rel=\"nofollow ugc\">Planet\u003C\u002Fa> for aggregator sites that I administered.\u003C\u002Fp>\n\u003Cp>FeedWordPress is designed with flexibility, ease of use, and ease of configuration in mind. You’ll need a working installation of WordPress (version \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FVersion_4.5\" rel=\"nofollow ugc\">4.5\u003C\u002Fa> or later), and it helps to have SFTP or FTP access to your web host. The ability to create cron jobs on your web host is helpful but not required.\u003C\u002Fp>\n\u003Ch3>Using and Customizing FeedWordPress\u003C\u002Fh3>\n\u003Cp>FeedWordPress has many options which can be accessed through the WordPress Dashboard, and a lot of functionality accessible programmatically through WordPress templates or plugins. For further documentation of the ins and outs, see the documentation at the \u003Ca href=\"http:\u002F\u002Ffeedwordpress.radgeek.com\u002F\" rel=\"nofollow ugc\">FeedWordPress project homepage\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The FeedWordPress plugin is copyright © 2005-2021 by Charles Johnson. 
It uses code derived or translated from:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Flaughingmeme.org\u002Farchives\u002F002203.html\" rel=\"nofollow ugc\">wp-rss-aggregate.php\u003C\u002Fa> by \u003Ca href=\"kellan@protest.net\" rel=\"nofollow ugc\">Kellan Elliot-McCrea\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fwww.simplepie.org\u002F\" rel=\"nofollow ugc\">SimplePie\u003C\u002Fa> feed parser by Ryan Parman, Geoffrey Sneddon, Ryan McCue, et al.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fmagpierss.sourceforge.net\u002F\" rel=\"nofollow ugc\">MagpieRSS\u003C\u002Fa> feed parser by \u003Ca href=\"kellan@protest.net\" rel=\"nofollow ugc\">Kellan Elliot-McCrea\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"http:\u002F\u002Fdiveintomark.org\u002Fprojects\u002Ffeed_finder\u002F\" rel=\"nofollow ugc\">Ultra-Liberal Feed Finder\u003C\u002Fa> by \u003Ca href=\"mark@diveintomark.org\" rel=\"nofollow ugc\">Mark Pilgrim\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwordpress.org\u002F\" rel=\"ugc\">WordPress Blog Tool and Publishing Platform\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>according to the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.\u003C\u002Fp>\n","FeedWordPress syndicates content from feeds you choose into your WordPress weblog.",10000,1320808,84,61,"2025-12-11T14:32:00.000Z","6.9.4","4.5","",[171,172,173,22,24],"aggregation","atom","feed","https:\u002F\u002Ffwpplugin.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffeedwordpress.2025.1211.zip",97,0,"2024-03-04 00:00:00",{"slug":180,"name":181,"version":182,"author":183,"author_profile":184,"description":185,"short_description":186,"active_installs":187,"downloaded":188,"rating":189,"num_ratings":116,"last_updated":190,"tested_up_to":167,"requires_at_least":191,"requires_php":192,"tags":193,"homepage":198,"download_link":199,"security_score":189,"vuln_count":177,"unpatched_count":177,"last_vuln_date":38,"fetched_at":31},"rss-chimp","RSS Chimp – Add Featured Images to WP RSS Feeds (Mailchimp, Google News, Feedly)","1.3.0","kerosindigital","https:\u002F\u002Fprofiles.wordpress.org\u002Fkerosindigital\u002F","\u003Cp>Add featured images to RSS feeds for Mailchimp, Google News, Feedly and email newsletters. Enhance WordPress RSS feed with thumbnails for better email marketing and syndication.\u003C\u002Fp>\n\u003Ch3>RSS Chimp – Add Featured Images to WordPress RSS Feeds for Content Marketing & Marketing Automation\u003C\u002Fh3>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fkerosin.digital\u002Frss-chimp\u002F\" rel=\"nofollow ugc\">RSS Chimp\u003C\u002Fa> automatically adds featured images to WordPress RSS feeds, ensuring compatibility with Mailchimp, Google News, Feedly & automation tools. 
Perfect for content marketers, bloggers, and businesses looking to enhance RSS feeds for newsletters, syndication & SEO.\u003C\u002Fp>\n\u003Cp>This plugin is designed for content marketers, bloggers, and businesses who rely on RSS feeds for newsletters, content syndication, and marketing automation.\u003C\u002Fp>\n\u003Cp>RSS Chimp offers maximum compatibility with feed readers and improves the experience of your users who use such programs.\u003C\u002Fp>\n\u003Cp>RSS Chimp works instantly after activation and adds blog posts featured images in RSS feeds. It is easily set up and offers advanced users many customizations and settings to customize the RSS feed.\u003C\u002Fp>\n\u003Cp>RSS Chimp is forever free and has numerous valuable features despite adding the featured image to the RSS feed. Unlock the premium version and enjoy more powerful features.\u003C\u002Fp>\n\u003Ch3>Who Uses RSS Chimp?\u003C\u002Fh3>\n\u003Cp>✓ \u003Cstrong>Email Marketers\u003C\u002Fstrong> – Enhance Mailchimp RSS campaigns with featured images\u003Cbr \u002F>\n✓ \u003Cstrong>News Publishers\u003C\u002Fstrong> – Optimize feeds for Google News & Feedly with thumbnails\u003Cbr \u002F>\n✓ \u003Cstrong>Content Marketers\u003C\u002Fstrong> – Improve content syndication with rich media feeds\u003Cbr \u002F>\n✓ \u003Cstrong>Newsletter Creators\u003C\u002Fstrong> – Add post thumbnails to automated email newsletters\u003Cbr \u002F>\n✓ \u003Cstrong>Bloggers\u003C\u002Fstrong> – Make RSS feeds more engaging with featured images\u003C\u002Fp>\n\u003Ch3>Free features\u003C\u002Fh3>\n\u003Cp>➜ Add featured images to the RSS feed with the  and  tag\u003Cbr \u002F>\n➜ Choose between different image sizes to optimize the loading speed and enhance the usability of your WordPress RSS feed\u003Cbr \u002F>\n➜ Include the title and description of featured images in your RSS feed\u003Cbr \u002F>\n➜ Perfectly integrates with Mailchimp, Google News, Sendinblue, MailerLite, Hubspot, and other services for 
marketing automation and content marketing\u003Cbr \u002F>\n➜ Enable\u002Fdisable the default WordPress feed\u003Cbr \u002F>\n➜ Validate your feed with a quick link directly from the backend\u003Cbr \u002F>\n➜ Add an image as the logo of your RSS feed, which will be used by feed readers and marketing automation tools, so that users will quickly recognize your site\u003Cbr \u002F>\n➜ Enhance your RSS feed with additional metadata such as copyright information and contact details for the editor or webmaster of the page\u003C\u002Fp>\n\u003Ch3>Why Upgrade to RSS Chimp Pro?\u003C\u002Fh3>\n\u003Cp>RSS Chimp Pro unlocks \u003Cstrong>advanced features\u003C\u002Fstrong> to enhance your WordPress RSS feed:\u003C\u002Fp>\n\u003Cp>✔ \u003Cstrong>Create an Additional Custom RSS Feed\u003C\u002Fstrong> – Generate separate feeds for different purposes.\u003Cbr \u002F>\n✔ \u003Cstrong>Choose Any Registered Thumbnail Size\u003C\u002Fstrong> – Get full control over image sizes in your RSS feed.\u003Cbr \u002F>\n✔ \u003Cstrong>Add Custom Text & HTML Before\u002FAfter Each Post\u003C\u002Fstrong> – Personalize your feed for marketing automation.\u003Cbr \u002F>\n✔ \u003Cstrong>Customize the Permalink of Additional RSS Feed\u003C\u002Fstrong> – Set custom URLs for different feeds.\u003Cbr \u002F>\n✔ \u003Cstrong>Define Post Length (Full\u002FSummary) in RSS Feed\u003C\u002Fstrong> – Control how much content appears in RSS readers.\u003Cbr \u002F>\n✔ \u003Cstrong>Delay Publication of New Posts in RSS Feed\u003C\u002Fstrong> – Schedule post delays for strategic syndication.\u003Cbr \u002F>\n✔ \u003Cstrong>Add URL Parameters to All Post Links\u003C\u002Fstrong> – Track traffic sources with UTM tags.\u003Cbr \u002F>\n✔ \u003Cstrong>Hide WordPress Version in RSS Feed for Security\u003C\u002Fstrong> – Prevent exposing WordPress version data.\u003Cbr \u002F>\n✔ \u003Cstrong>Premium Email Support\u003C\u002Fstrong> – Get fast, priority support for troubleshooting.\u003C\u002Fp>\n\u003Cp>🚀 
\u003Cstrong>Boost Your RSS Feed with Pro Features!\u003C\u002Fstrong>\u003Cbr \u002F>\n🔹 Advanced RSS customization\u003Cbr \u002F>\n🔹 Extra feed control for newsletters & marketing\u003Cbr \u002F>\n🔹 SEO-friendly enhancements\u003C\u002Fp>\n\u003Cp>👉 \u003Cstrong>Upgrade to RSS Chimp Pro & Get More Control!\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fkerosin.digital\u002Frss-chimp\u002F\" rel=\"nofollow ugc\">Upgrade Now\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support the development of RSS Chimp\u003C\u002Fh4>\n\u003Cp>You can support the development of the free version of RSS Chimp and make a contribution on \u003Ca href=\"https:\u002F\u002Fko-fi.com\u002Fkerosindigital\" rel=\"nofollow ugc\">Ko-fi\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fstories.freepik.com\u002F\" rel=\"noopener nofollow ugc\">Illustration by Freepik Stories\u003C\u002Fa>\u003C\u002Fp>\n","Add featured images to RSS feeds for Mailchimp, Google News, Feedly and email newsletters. 
Enhance WordPress RSS feed with thumbnails for better email &hellip;",300,6213,100,"2025-11-30T12:47:00.000Z","5.9","5.6",[194,195,196,197,24],"featured-image","mailchimp","newsletter","rss-feed","https:\u002F\u002Fkerosin.digital\u002Frss-chimp","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frss-chimp.1.3.0.zip",{"slug":201,"name":202,"version":203,"author":204,"author_profile":205,"description":206,"short_description":207,"active_installs":208,"downloaded":209,"rating":210,"num_ratings":211,"last_updated":212,"tested_up_to":213,"requires_at_least":214,"requires_php":169,"tags":215,"homepage":216,"download_link":217,"security_score":218,"vuln_count":116,"unpatched_count":116,"last_vuln_date":219,"fetched_at":31},"faf","FeedWordPress Advanced Filters","0.6.2","Bas Schuiling","https:\u002F\u002Fprofiles.wordpress.org\u002Fbasszje\u002F","\u003Cul>\n\u003Cli>Author: \u003Ca href=\"http:\u002F\u002Fwww.weblogmechanic.com\u002Fabout\" rel=\"nofollow ugc\">Bas Schuiling\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>Project URI: \u003Ca href=\"http:\u002F\u002Fwww.weblogmechanic.com\u002Fplugins\u002Ffeedwordpress-advanced-filters\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fwww.weblogmechanic.com\u002Fplugins\u002Ffeedwordpress-advanced-filters\u002F\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>License: GPL 2. See License below for copyright jots and tittles.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>FeedWordPress Advanced Filters (FAF) gives you powerful options to filter your aggregated Feedwordpress items. 
Tidy output, import images, make posts expire, rewrite your links… New features are being added constantly.\u003C\u002Fp>\n\u003Cp>Features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Remove Keywords or HTML tags\u003C\u002Fli>\n\u003Cli>Get and save images into your blog in your defined sizes\u003C\u002Fli>\n\u003Cli>Set featured images from your feeds\u003C\u002Fli>\n\u003Cli>Put posts in different categories based on the keywords you want\u003C\u002Fli>\n\u003Cli>Make aggregated posts expire after some time\u003C\u002Fli>\n\u003Cli>Set links to open in new window or use your outbound tracker URL\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>FAF requires FeedWordPress plugin and PHP 5.3 to be installed!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Expire posts filter requires post expirator plugin\u003C\u002Fp>\n\u003Ch3>Short Description\u003C\u002Fh3>\n\u003Cp>FeedWordPress Advanced Filters (FAF) gives you powerful options to filter your aggregated FeedWordPress items. Tidy output, import images, make posts expire, rewrite your links… New features are being added constantly.\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>The FeedWordPress Advanced Filter plugin is copyright © 2013 by Bas Schuiling. 
It uses\u003Cbr \u002F>\ncode derived or translated from:\u003C\u002Fp>\n\u003Cp>according to the terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This program is free software; you can redistribute it and\u002For modify it under\u003Cbr \u002F>\nthe terms of the \u003Ca href=\"http:\u002F\u002Fwww.gnu.org\u002Fcopyleft\u002Fgpl.html\" rel=\"nofollow ugc\">GNU General Public License\u003C\u002Fa> as published by the Free\u003Cbr \u002F>\nSoftware Foundation; either version 2 of the License, or (at your option) any\u003Cbr \u002F>\nlater version.\u003C\u002Fp>\n\u003Cp>This program is distributed in the hope that it will be useful, but WITHOUT ANY\u003Cbr \u002F>\nWARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A\u003Cbr \u002F>\nPARTICULAR PURPOSE. See the GNU General Public License for more details.\u003C\u002Fp>\n","Author: Bas Schuiling",200,26945,50,8,"2014-12-16T18:34:00.000Z","4.0.38","3.0",[171,172,173,22,24],"http:\u002F\u002Fwww.weblogmechanic.com\u002Fplugins\u002Ffeedwordpress-advanced-filters\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Ffaf.0.6.2.zip",63,"2026-01-27 00:00:00",{"slug":221,"name":222,"version":223,"author":224,"author_profile":225,"description":226,"short_description":227,"active_installs":208,"downloaded":228,"rating":164,"num_ratings":29,"last_updated":229,"tested_up_to":230,"requires_at_least":231,"requires_php":169,"tags":232,"homepage":234,"download_link":235,"security_score":236,"vuln_count":177,"unpatched_count":177,"last_vuln_date":38,"fetched_at":31},"syndicate-press","Syndicate Press","1.0.33.2","SP developer","https:\u002F\u002Fprofiles.wordpress.org\u002Fhranchfundi\u002F","\u003Cp>Syndicate Press lets you include RSS, RDF or Atom feeds directly in your WordPress Posts, Pages, Widgets or anywhere in your theme. 
Syndicate Press features an easy to use admin page and includes great features such as feed caching, filters and numerous display options.\u003C\u002Fp>\n\u003Cp>Unlike a number of other news syndication plugins for WordPress, Syndicate Press does not force arbitrary formatting or CSS styling on the feed contents. This allows the feed items to be displayed in your site like they are a fully integrated part of your content.\u003C\u002Fp>\n\u003Cp>Syndicate Press is actively maintained and regularly updated with new features and enhancements. The Syndicate Press development team at \u003Ca href=\"http:\u002F\u002Fhenryranch.net\u002Fsoftware\u002Fsyndicate-press\u002F\" rel=\"nofollow ugc\">henryranch.net\u003C\u002Fa> has focused on ease of use, performance, stability and functionality to bring you a great plugin that will help keep your WordPress site up to date with the latest in news feeds from every corner of the world.\u003C\u002Fp>\n\u003Ch3>Arbitrary section\u003C\u002Fh3>\n\u003Cp>Please see the following pages for examples of the syndicated news feeds on a WordPress blog:\u003C\u002Fp>\n\u003Cp>Usage information: http:\u002F\u002Fsyndicatepress.henryranch.net\u002Fdocumentation\u002Fusage\u002F \u003C\u002Fp>\n","Syndicate Press lets you include RSS, RDF or Atom feeds directly in your WordPress posts, pages, widgets or 
theme.",60702,"2018-01-23T04:13:00.000Z","4.9.29","2.8",[172,173,233,22,23],"rdf","http:\u002F\u002Fsyndicatepress.henryranch.net\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsyndicate-press.zip",85,{"slug":238,"name":239,"version":240,"author":241,"author_profile":242,"description":243,"short_description":244,"active_installs":245,"downloaded":246,"rating":177,"num_ratings":177,"last_updated":247,"tested_up_to":248,"requires_at_least":249,"requires_php":169,"tags":250,"homepage":254,"download_link":255,"security_score":236,"vuln_count":177,"unpatched_count":177,"last_vuln_date":38,"fetched_at":31},"subscribe-remind","Subscribe-Remind","1.3","fitztrev","https:\u002F\u002Fprofiles.wordpress.org\u002Ffitztrev\u002F","\u003Cp>With the Subscribe-Remind plugin, some text will automatically be placed at the end of each of your posts inviting your readers to subscribe to your RSS feed or follow you on Twitter. It’s an unobtrusive and effective way to turn visitors into subscribers.\u003C\u002Fp>\n\u003Ch3>Importance\u003C\u002Fh3>\n\u003Cp>With more and more people using RSS readers to get content, it’s important that your blog’s feed be easily accessible. 
By increasing your syndication audience, your readers will be exposed to much more of your content.\u003C\u002Fp>\n","Subscribe Remind will add a brief message at the bottom of each post inviting users to subscribe to your RSS feed or follow you on Twitter.",90,40591,"2011-01-04T19:47:00.000Z","3.0.5","1.5",[251,252,22,253,24],"post","remind","subscribe","http:\u002F\u002Ftrevorfitzgerald.com\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsubscribe-remind.1.3.zip",{"attackSurface":257,"codeSignals":292,"taintFlows":373,"riskAssessment":658,"analyzedAt":675},{"hooks":258,"ajaxHandlers":288,"restRoutes":289,"shortcodes":290,"cronEvents":291,"entryPointCount":177,"unprotectedCount":177},[259,264,267,271,274,278,281,285],{"type":260,"name":261,"callback":261,"file":262,"line":263},"action","admin_menu","includes\\application.php",46,{"type":260,"name":265,"callback":265,"file":262,"line":266},"admin_init",47,{"type":260,"name":268,"callback":268,"file":269,"line":270},"init","pipes.php",39,{"type":260,"name":265,"callback":272,"file":269,"line":273},"pipes_plugin_redirect",40,{"type":260,"name":275,"callback":276,"file":269,"line":277},"wp_enqueue_scripts","mywppipes_enqueue",264,{"type":260,"name":279,"callback":280,"file":269,"line":150},"wp_print_scripts","ts_js",{"type":260,"name":282,"callback":283,"file":269,"line":284},"wppipes_loaded_ads","ob_advertisment",269,{"type":260,"name":286,"callback":283,"file":269,"line":287},"admin_footer",295,[],[],[],[],{"dangerousFunctions":293,"sqlUsage":329,"outputEscaping":348,"fileOperations":349,"externalRequests":370,"nonceChecks":370,"capabilityChecks":371,"bundledLibraries":372},[294,299,303,306,310,314,318,321,323,326],{"fn":295,"file":296,"line":297,"context":298},"unserialize","grab.php",88,"$row = unserialize( $row );",{"fn":295,"file":300,"line":301,"context":302},"helpers\\common.php",286,"$default = unserialize( $default 
);",{"fn":295,"file":304,"line":151,"context":305},"includes\\registry\\registry.php","$this->data = unserialize(serialize($this->data));",{"fn":295,"file":307,"line":308,"context":309},"includes\\utilities\\arrayhelper.php",611,"$myvalue = unserialize($myvalue);",{"fn":295,"file":311,"line":312,"context":313},"plugins\\engines\\rssreader\\helpers\\library\\SimplePie\\Cache\\File.php",123,"return unserialize( file_get_contents( $this->name ) );",{"fn":295,"file":315,"line":316,"context":317},"plugins\\engines\\rssreader\\helpers\\library\\SimplePie\\Cache\\Memcache.php",130,"return unserialize( $data );",{"fn":295,"file":319,"line":277,"context":320},"plugins\\engines\\rssreader\\helpers\\library\\SimplePie\\Cache\\MySQL.php","$data = unserialize( $row[1] );",{"fn":295,"file":319,"line":287,"context":322},"$feed['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['entry'][] = unserialize( $row );",{"fn":295,"file":324,"line":325,"context":302},"plugins\\engines\\rssreader\\rssreader.php",52,{"fn":295,"file":324,"line":327,"context":328},82,"$rows         = unserialize( $cache_conten );",{"prepared":164,"raw":330,"locations":331},6,[332,335,339,341,344,346],{"file":300,"line":333,"context":334},250,"$wpdb->get_var() with variable interpolation",{"file":336,"line":337,"context":338},"plugins\\engines\\rssreader\\helpers\\library\\SimplePie\\Sanitize.php",372,"$wpdb->query() with variable interpolation",{"file":336,"line":340,"context":338},439,{"file":342,"line":343,"context":338},"uninstall.pipes.php",24,{"file":342,"line":345,"context":338},25,{"file":342,"line":347,"context":338},26,{"escaped":349,"rawEcho":211,"locations":350},103,[351,354,357,359,361,363,366,368],{"file":352,"line":144,"context":353},"controllers\\pipes.php","raw 
output",{"file":355,"line":356,"context":353},"views\\pipe\\tmpl\\form_bs3.php",155,{"file":355,"line":358,"context":353},283,{"file":355,"line":360,"context":353},531,{"file":355,"line":362,"context":353},560,{"file":364,"line":365,"context":353},"views\\settings\\tmpl\\default.php",167,{"file":364,"line":367,"context":353},172,{"file":364,"line":369,"context":353},174,12,3,[],[374,391,411,435,446,454,464,472,483,492,501,510,519,529,551,564,572,590,600,612],{"entryPoint":375,"graph":376,"unsanitizedCount":116,"severity":40},"create_tables (controllers\\pipes.php:141)",{"nodes":377,"edges":388},[378,383],{"id":379,"type":380,"label":381,"file":352,"line":382},"n0","source","$_SERVER['HTTP_REFERER']",207,{"id":384,"type":385,"label":386,"file":352,"line":382,"wp_function":387},"n1","sink","header() [Header Injection]","header",[389],{"from":379,"to":384,"sanitized":390},false,{"entryPoint":392,"graph":393,"unsanitizedCount":410,"severity":40},"export_to_share (controllers\\pipes.php:347)",{"nodes":394,"edges":407},[395,398,400,404],{"id":379,"type":380,"label":396,"file":352,"line":397},"$_SERVER",354,{"id":384,"type":385,"label":386,"file":352,"line":399,"wp_function":387},355,{"id":401,"type":380,"label":402,"file":352,"line":403},"n2","$_GET",350,{"id":405,"type":385,"label":386,"file":352,"line":406,"wp_function":387},"n3",389,[408,409],{"from":379,"to":384,"sanitized":390},{"from":401,"to":405,"sanitized":390},2,{"entryPoint":412,"graph":413,"unsanitizedCount":371,"severity":40},"import_from_file (controllers\\pipes.php:404)",{"nodes":414,"edges":431},[415,417,421,423,425,428],{"id":379,"type":380,"label":402,"file":352,"line":416},409,{"id":384,"type":385,"label":418,"file":352,"line":419,"wp_function":420},"file_get_contents() 
[SSRF\u002FLFI]",417,"file_get_contents",{"id":401,"type":380,"label":396,"file":352,"line":422},442,{"id":405,"type":385,"label":386,"file":352,"line":424,"wp_function":387},443,{"id":426,"type":380,"label":402,"file":352,"line":427},"n4",408,{"id":429,"type":385,"label":386,"file":352,"line":430,"wp_function":387},"n5",451,[432,433,434],{"from":379,"to":384,"sanitized":390},{"from":401,"to":405,"sanitized":390},{"from":426,"to":429,"sanitized":390},{"entryPoint":436,"graph":437,"unsanitizedCount":116,"severity":40},"uninstall (controllers\\plugins.php:22)",{"nodes":438,"edges":444},[439,442],{"id":379,"type":380,"label":396,"file":440,"line":441},"controllers\\plugins.php",27,{"id":384,"type":385,"label":386,"file":440,"line":443,"wp_function":387},28,[445],{"from":379,"to":384,"sanitized":390},{"entryPoint":447,"graph":448,"unsanitizedCount":116,"severity":40},"\u003Cplugins> (controllers\\plugins.php:0)",{"nodes":449,"edges":452},[450,451],{"id":379,"type":380,"label":396,"file":440,"line":441},{"id":384,"type":385,"label":386,"file":440,"line":443,"wp_function":387},[453],{"from":379,"to":384,"sanitized":390},{"entryPoint":455,"graph":456,"unsanitizedCount":116,"severity":40},"ip_info (helpers\\common.php:181)",{"nodes":457,"edges":462},[458,460],{"id":379,"type":380,"label":396,"file":300,"line":459},189,{"id":384,"type":385,"label":418,"file":300,"line":461,"wp_function":420},204,[463],{"from":379,"to":384,"sanitized":390},{"entryPoint":465,"graph":466,"unsanitizedCount":116,"severity":40},"\u003Ccommon> (helpers\\common.php:0)",{"nodes":467,"edges":470},[468,469],{"id":379,"type":380,"label":396,"file":300,"line":459},{"id":384,"type":385,"label":418,"file":300,"line":461,"wp_function":420},[471],{"from":379,"to":384,"sanitized":390},{"entryPoint":473,"graph":474,"unsanitizedCount":177,"severity":482},"edit 
(controllers\\pipes.php:23)",{"nodes":475,"edges":479},[476,477],{"id":379,"type":380,"label":402,"file":352,"line":347},{"id":384,"type":385,"label":386,"file":352,"line":478,"wp_function":387},36,[480],{"from":379,"to":384,"sanitized":481},true,"low",{"entryPoint":484,"graph":485,"unsanitizedCount":177,"severity":482},"copy (controllers\\pipes.php:78)",{"nodes":486,"edges":490},[487,489],{"id":379,"type":380,"label":396,"file":352,"line":488},99,{"id":384,"type":385,"label":386,"file":352,"line":189,"wp_function":387},[491],{"from":379,"to":384,"sanitized":481},{"entryPoint":493,"graph":494,"unsanitizedCount":177,"severity":482},"publish (controllers\\pipes.php:108)",{"nodes":495,"edges":499},[496,497],{"id":379,"type":380,"label":396,"file":352,"line":316},{"id":384,"type":385,"label":386,"file":352,"line":498,"wp_function":387},131,[500],{"from":379,"to":384,"sanitized":481},{"entryPoint":502,"graph":503,"unsanitizedCount":177,"severity":482},"pipes_restore_default_options (controllers\\pipes.php:216)",{"nodes":504,"edges":508},[505,507],{"id":379,"type":380,"label":381,"file":352,"line":506},246,{"id":384,"type":385,"label":386,"file":352,"line":506,"wp_function":387},[509],{"from":379,"to":384,"sanitized":481},{"entryPoint":511,"graph":512,"unsanitizedCount":177,"severity":482},"delete_cache_folder (controllers\\pipes.php:256)",{"nodes":513,"edges":517},[514,516],{"id":379,"type":380,"label":381,"file":352,"line":515},280,{"id":384,"type":385,"label":386,"file":352,"line":515,"wp_function":387},[518],{"from":379,"to":384,"sanitized":481},{"entryPoint":520,"graph":521,"unsanitizedCount":177,"severity":482},"move_to_draft (controllers\\pipes.php:307)",{"nodes":522,"edges":527},[523,525],{"id":379,"type":380,"label":396,"file":352,"line":524},320,{"id":384,"type":385,"label":386,"file":352,"line":526,"wp_function":387},321,[528],{"from":379,"to":384,"sanitized":481},{"entryPoint":530,"graph":531,"unsanitizedCount":177,"severity":482},"\u003Cpipes> 
(controllers\\pipes.php:0)",{"nodes":532,"edges":546},[533,535,536,538,539,541,542,544],{"id":379,"type":380,"label":534,"file":352,"line":347},"$_GET (x3)",{"id":384,"type":385,"label":386,"file":352,"line":478,"wp_function":387},{"id":401,"type":380,"label":537,"file":352,"line":488},"$_SERVER (x5)",{"id":405,"type":385,"label":386,"file":352,"line":189,"wp_function":387},{"id":426,"type":380,"label":540,"file":352,"line":382},"$_SERVER['HTTP_REFERER'] (x3)",{"id":429,"type":385,"label":386,"file":352,"line":382,"wp_function":387},{"id":543,"type":380,"label":402,"file":352,"line":416},"n6",{"id":545,"type":385,"label":418,"file":352,"line":419,"wp_function":420},"n7",[547,548,549,550],{"from":379,"to":384,"sanitized":481},{"from":401,"to":405,"sanitized":481},{"from":426,"to":429,"sanitized":481},{"from":543,"to":545,"sanitized":481},{"entryPoint":552,"graph":553,"unsanitizedCount":177,"severity":482},"save (models\\settings.php:30)",{"nodes":554,"edges":562},[555,559],{"id":379,"type":380,"label":556,"file":557,"line":558},"$_POST","models\\settings.php",45,{"id":384,"type":385,"label":560,"file":557,"line":210,"wp_function":561},"update_option() [Settings Manipulation]","update_option",[563],{"from":379,"to":384,"sanitized":481},{"entryPoint":565,"graph":566,"unsanitizedCount":177,"severity":482},"\u003Csettings> (models\\settings.php:0)",{"nodes":567,"edges":570},[568,569],{"id":379,"type":380,"label":556,"file":557,"line":558},{"id":384,"type":385,"label":560,"file":557,"line":210,"wp_function":561},[571],{"from":379,"to":384,"sanitized":481},{"entryPoint":573,"graph":574,"unsanitizedCount":116,"severity":52},"preview_processor (controllers\\pipe.php:510)",{"nodes":575,"edges":587},[576,579,582],{"id":379,"type":380,"label":402,"file":577,"line":578},"controllers\\pipe.php",525,{"id":384,"type":580,"label":581,"file":577,"line":578},"transform","→ getPipes()",{"id":401,"type":385,"label":583,"file":584,"line":585,"wp_function":586},"get_results() 
[SQLi]","models\\pipe.php",841,"get_results",[588,589],{"from":379,"to":384,"sanitized":390},{"from":384,"to":401,"sanitized":390},{"entryPoint":591,"graph":592,"unsanitizedCount":116,"severity":52},"\u003Cpipe> (controllers\\pipe.php:0)",{"nodes":593,"edges":597},[594,595,596],{"id":379,"type":380,"label":402,"file":577,"line":578},{"id":384,"type":580,"label":581,"file":577,"line":578},{"id":401,"type":385,"label":583,"file":584,"line":585,"wp_function":586},[598,599],{"from":379,"to":384,"sanitized":390},{"from":384,"to":401,"sanitized":390},{"entryPoint":601,"graph":602,"unsanitizedCount":116,"severity":52},"getItem (models\\pipe.php:24)",{"nodes":603,"edges":610},[604,606],{"id":379,"type":380,"label":605,"file":584,"line":441},"$_REQUEST",{"id":384,"type":385,"label":607,"file":584,"line":608,"wp_function":609},"get_row() [SQLi]",30,"get_row",[611],{"from":379,"to":384,"sanitized":390},{"entryPoint":613,"graph":614,"unsanitizedCount":147,"severity":52},"\u003Cpipe> (models\\pipe.php:0)",{"nodes":615,"edges":649},[616,618,619,621,623,624,628,629,633,636,638,640,643,646],{"id":379,"type":380,"label":617,"file":584,"line":441},"$_REQUEST (x4)",{"id":384,"type":385,"label":607,"file":584,"line":608,"wp_function":609},{"id":401,"type":380,"label":620,"file":584,"line":441},"$_REQUEST (x7)",{"id":405,"type":385,"label":583,"file":584,"line":622,"wp_function":586},116,{"id":426,"type":380,"label":620,"file":584,"line":441},{"id":429,"type":385,"label":625,"file":584,"line":626,"wp_function":627},"query() [SQLi]",121,"query",{"id":543,"type":380,"label":605,"file":584,"line":441},{"id":545,"type":385,"label":630,"file":584,"line":631,"wp_function":632},"get_var() 
[SQLi]",976,"get_var",{"id":634,"type":380,"label":605,"file":584,"line":635},"n8",660,{"id":637,"type":580,"label":581,"file":584,"line":635},"n9",{"id":639,"type":385,"label":583,"file":584,"line":585,"wp_function":586},"n10",{"id":641,"type":380,"label":605,"file":584,"line":642},"n11",967,{"id":644,"type":580,"label":645,"file":584,"line":642},"n12","→ saveProcessParam()",{"id":647,"type":385,"label":625,"file":584,"line":648,"wp_function":627},"n13",299,[650,651,652,653,654,655,656,657],{"from":379,"to":384,"sanitized":390},{"from":401,"to":405,"sanitized":390},{"from":426,"to":429,"sanitized":390},{"from":543,"to":545,"sanitized":390},{"from":634,"to":637,"sanitized":390},{"from":637,"to":639,"sanitized":390},{"from":641,"to":644,"sanitized":390},{"from":644,"to":647,"sanitized":390},{"summary":659,"deductions":660},"The wp-pipes plugin v1.4.3 presents a mixed security posture. While the static analysis indicates a very limited attack surface with no apparent direct entry points like AJAX handlers, REST API routes, or shortcodes, and a high percentage of SQL queries and output using prepared statements and proper escaping respectively, there are significant concerns. The presence of 10 dangerous `unserialize` function calls is a major red flag, as this function is notoriously susceptible to object injection vulnerabilities if not handled with extreme care, especially when processing untrusted data. Furthermore, the taint analysis revealed 11 flows with unsanitized paths, 4 of which are of high severity. This suggests that user-controlled input might be used to construct file paths or other critical data without adequate sanitization, potentially leading to serious security flaws.\n\nThe plugin's vulnerability history is deeply concerning. With a total of 9 known CVEs, 5 of which are currently unpatched, and a significant number of critical and high-severity vulnerabilities, this indicates a persistent pattern of insecure coding practices. 
The common vulnerability types listed, such as Remote File Inclusion, SQL Injection, Path Traversal, SSRF, and Cross-Site Scripting, are all serious and can lead to complete site compromise. The recent last vulnerability date further emphasizes that these issues have not been a relic of the past.\n\nIn conclusion, despite some positive indicators in the static analysis regarding SQL and output escaping, the extensive history of critical unpatched vulnerabilities and the identified dangerous functions and unsanitized taint flows paint a picture of high risk. The plugin's past and present security issues strongly suggest that it is not safe for use without significant remediation and thorough auditing.",[661,663,665,668,670,672],{"reason":662,"points":27},"Unpatched Critical CVEs (3)",{"reason":664,"points":27},"Unpatched High CVEs (2)",{"reason":666,"points":667},"Dangerous functions (unserialize)",15,{"reason":669,"points":27},"High severity taint flows (4)",{"reason":671,"points":27},"Flows with unsanitized paths (11)",{"reason":673,"points":674},"Medium severity CVEs 
(4)",16,"2026-03-16T19:48:04.193Z",{"wat":677,"direct":693},{"assetPaths":678,"generatorPatterns":690,"scriptPaths":691,"versionParams":692},[679,680,681,682,683,684,685,686,687,688,689],"\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fcss\u002Fobstyle.css","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fcss\u002Fbootstrap.min.css","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fcss\u002Fprocess.css","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fcss\u002Fchosen.css","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fcss\u002Fad_style.css","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fbootstrap.min.js","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fprocess.js","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fogb-lib-admin.js","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fchosen.jquery.js","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fangular.js","\u002Fwp-content\u002Fplugins\u002Fwp-pipes\u002Fassets\u002Fjs\u002Fad_script.js",[],[684,685,686,687,688,689],[],{"cssClasses":694,"htmlComments":706,"htmlAttributes":707,"restEndpoints":710,"jsGlobals":711,"shortcodeOutput":714},[695,696,697,698,699,696,700,701,702,703,704,705],"pipes-obstyle","pipes-bootstrap-min","pipes-process-css","pipes-chosen-css","pipes-ads-css","pipes-process","pipes-ogb-lib-admin","pipes-chosen","pipes-angular","pipes-ads-js","dashicons-editor-justify",[],[708,709],"data-page_prefix","data-prefix",[],[712,713],"PIPES","pipes_settings",[]]