Reflected Cross-Site Scripting in Post Timeline WordPress Plugin
CVE-2024-13571
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 26 February 2025
Summary
The Post Timeline plugin for WordPress, in versions prior to 2.3.10, fails to properly sanitize and escape its input parameters. Because user-supplied input is reflected into the page without escaping, the flaw permits reflected cross-site scripting (XSS). The risk is greatest for users with elevated privileges, such as administrators: an attacker who can get such a user to open a crafted link could execute script in the context of that user's browser session, which could lead to data theft or unauthorized access.
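The advisory does not quote the plugin's code, so the following is an added illustration of the class of defect it describes, not code from the Post Timeline plugin. It shows a request parameter reflected into a WordPress page unescaped, beside the sanitized-and-escaped form that closes the hole. The parameter name `tl_filter` and the function names are assumptions chosen for the example; `sanitize_text_field`, `wp_unslash`, `esc_attr` and `esc_html` are real WordPress core functions.

```php
<?php
// Added example, not code from the Post Timeline plugin. The parameter name
// `tl_filter` and the function names below are assumptions for illustration.

// Vulnerable pattern: a request parameter is concatenated straight into HTML.
// Whatever markup or script the parameter carries is rendered by the browser
// of whoever opens the URL, which is exactly what a reflected XSS relies on.
function pt_example_render_filter_unsafe() {
    $filter = isset( $_GET['tl_filter'] ) ? $_GET['tl_filter'] : '';
    return '<div class="timeline-filter" data-filter="' . $filter . '">'
         . 'Filter: ' . $filter . '</div>';
}

// Hardened pattern: sanitize on input, then escape on output with the function
// that matches each sink. The attribute value gets esc_attr(), the text node
// gets esc_html(); one escaping function does not fit every context.
function pt_example_render_filter_safe() {
    $filter = isset( $_GET['tl_filter'] )
        ? sanitize_text_field( wp_unslash( $_GET['tl_filter'] ) )
        : '';
    return '<div class="timeline-filter" data-filter="' . esc_attr( $filter ) . '">'
         . 'Filter: ' . esc_html( $filter ) . '</div>';
}
```

When reviewing a fix for an advisory of this kind, the check is that every place the parameter reaches output uses the escaping function for that output context (attribute, HTML text, URL, inline JavaScript), not merely that `sanitize_text_field()` was applied once on the way in: sanitizing input reduces what gets stored or processed, but only output escaping prevents the browser from interpreting the reflected value as markup.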
Affected Version(s)
Post Timeline: all versions before 2.3.10 (0 <= version < 2.3.10)
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
References
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved