Post Timeline
Post Timeline versions 2.4.1 and earlier contain a missing authorization flaw that allows unauthenticated remote attackers to modify data by exploiting improperly configured access controls. The vulnerability enables integrity compromise without requiring user interaction or special privileges. No patch is currently available for this issue.
The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available and no vendor patch is available.