Description
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) version 2.3.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/cool-timeline/trunk/readme.txt
Related Vulnerabilities
PHP Improper Input Validation Vulnerability (CVE-2025-1734)
Internet Information Services Other Vulnerability (CVE-1999-0012)
Atlassian Jira CVE-2019-20402 Vulnerability (CVE-2019-20402)
Apache HTTP Server CVE-2004-0809 Vulnerability (CVE-2004-0809)
WordPress Plugin WP HTML Sitemap Cross-Site Request Forgery (1.2)