Cross-site Scripting Vulnerability in Bold Timeline Lite by BoldThemes
CVE-2025-68513

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Bold Timeline Lite
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68513?

A Cross-site Scripting (XSS) vulnerability exists in Bold Timeline Lite by BoldThemes, which allows for the execution of arbitrary JavaScript code in the context of the user’s session. This vulnerability can be exploited if an attacker injects malicious scripts that are stored and executed within the application. Users with access to the affected versions (up to 1.2.7) are at risk, as this could enable unauthorized actions or data leaks within their WordPress sites. It is crucial for users to review their plugin versions and implement immediate updates or security measures to mitigate potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Bold Timeline Lite <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/bold-tim...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

zaim | Patchstack Bug Bounty Program

JSON

WordPress