CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47322 – WordPress WP Timeline plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47322
25 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows Reflected XSS.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. The WP Timeline – Vertical and Horizontal timeline plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.6.7 due to insufficient input sanitization and output esc... • https://patchstack.com/database/vulnerability/wp-timelines/wordpress-wp-timeline-plugin-3-6-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47324 – WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-47324
25 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. The wp-timelines plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to inclu... • https://patchstack.com/database/vulnerability/wp-timelines/wordpress-wp-timeline-plugin-3-6-7-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47323 – WordPress WP Timeline plugin <= 3.6.7 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-47323
25 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7. The WP Timeline – Vertical and Horizontal timeline plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.7. This makes it possible for unauthenticated attackers to incl... • https://patchstack.com/database/vulnerability/wp-timelines/wordpress-wp-timeline-plugin-3-6-7-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •