Description
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) version 2.0.2 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 2.0.3 or the latest version.
References
https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/
https://plugins.svn.wordpress.org/cool-timeline/trunk/readme.txt