Description
WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Cool Timeline (Horizontal & Vertical Timeline) version 2.3.3 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.4 or latest
References
https://blog.nintechnet.com/8-wordpress-plugins-fixed-high-severity-vulnerability/
https://plugins.svn.wordpress.org/cool-timeline/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin URL Cloak & Encrypt Cross-Site Scripting (2.0)
WordPress Plugin OMGF-Host Google Fonts Locally Multiple Vulnerabilities (4.5.3)
Oracle JRE CVE-2022-21624 Vulnerability (CVE-2022-21624)
WordPress Plugin Testimonial Slider Cross-Site Scripting (1.2.1)
MediaWiki Use of Insufficiently Random Values Vulnerability (CVE-2023-22912)