CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13571 – Post Timeline < 2.3.10 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13571
26 Feb 2025 — The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. • https://wpscan.com/vulnerability/ad6ad44d-fdc3-494c-a371-5d7959d1fd23 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24614 – WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24614
29 Dec 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agileLogix Post Timeline allows Reflected XSS. This issue affects Post Timeline: from n/a through 2.3.9. The Post Timeline plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they... • https://patchstack.com/database/wordpress/plugin/post-timeline/vulnerability/wordpress-post-timeline-plugin-2-3-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 21%CPEs: 1EXPL: 1CVE-2023-4284 – Post Timeline < 2.2.6 - Reflected XSS
https://notcve.org/view.php?id=CVE-2023-4284
10 Aug 2023 — The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin El plugin de WordPress Post Timeline anterior a la versión 2.2.6 no sanea y escapa de un nonce inválido antes de devolverlo en una respuesta AJAX, lo que lleva a un Reflected Cross-Site Scripting que podría ser utilizado contra usuarios con privilegios elevados co... • https://wpscan.com/vulnerability/1c126869-0afa-456f-94cc-10334964e5f9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •