Multiple Blind SQL Injection vulnerabilities found by Jeroen (ITNerdbox) in premium WordPress plugin - Content Timeline (<=4.4.2 ). It is possible to execute arbitrary SQL commands via the id parameter (content_timeline_class.php, content_timeline_edit.php, content_timeline_index.php).
We were unable to find any solution (last checked on October 3rd, 2017). Last available update according to the plugin changelog released on March 1st, 2017. We suggest to deactivate and uninstall the Content Timeline plugin until the patched version release.