Plattform
wordpress
Komponente
wp-pipes
Behoben in
1.4.4
CVE-2025-60227 describes an Arbitrary File Access vulnerability discovered in WP Pipes, a WordPress plugin. This vulnerability allows attackers to potentially read arbitrary files on the server by manipulating file paths. The issue affects versions from 0.0.0 up to and including 1.4.3. A patch is expected to be released by the vendor to address this security concern.
The Arbitrary File Access vulnerability in WP Pipes allows an attacker to bypass intended access controls and read files from the server's file system. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress site and potentially the underlying server. The attacker could gain access to critical system information, modify files, or execute malicious code if the retrieved files contain sensitive data or scripts.
This vulnerability was publicly disclosed on 2025-10-22. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The CVSS score of 8.6 (HIGH) indicates a significant risk, and it is likely to attract attention from malicious actors. Monitor security advisories and threat intelligence feeds for updates.
WordPress websites utilizing the WP Pipes plugin, particularly those running older versions (0.0.0 - 1.4.3), are at risk. Shared hosting environments where users have limited control over plugin configurations are also particularly vulnerable, as they may not be able to quickly apply updates or implement workarounds.
• wordpress / composer / npm:
grep -r "../" /var/www/html/wp-content/plugins/wp-pipes/• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/wp-pipes/wp-pipes.php?file=../../../../etc/passwd' # Check for file disclosuredisclosure
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2025-60227 is to upgrade WP Pipes to a patched version as soon as it becomes available. Until the patch is released, consider implementing temporary workarounds. These might include restricting file access permissions on the server, implementing a Web Application Firewall (WAF) rule to block suspicious file path manipulation attempts, or disabling the WP Pipes plugin entirely if it is not essential. Regularly monitor server logs for any unusual file access attempts.
Kein bekannter Patch verfügbar. Bitte überprüfen Sie die Details der Schwachstelle im Detail und setzen Sie Schutzmaßnahmen basierend auf der Risikobereitschaft Ihrer Organisation um. Es kann am besten sein, die betroffene Software zu deinstallieren und einen Ersatz zu finden.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-60227 is a HIGH severity vulnerability in WP Pipes allowing attackers to read arbitrary files on a WordPress server. It affects versions 0.0.0 through 1.4.3.
You are affected if your WordPress site uses WP Pipes version 0.0.0 to 1.4.3. Check your plugin versions immediately.
Upgrade WP Pipes to the latest available version as soon as a patch is released by the vendor. Until then, consider WAF rules or restricting file access permissions.
Currently, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Check the ThimPress website and WordPress plugin repository for updates and advisories related to CVE-2025-60227.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.