55 matches found
CVE-2022-1324
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
PT-2022-13798 · WordPress · Event Timeline Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Event Timeline WordPress plugin versions 1.1.5 and earlier Description: The issue allows high-privileged users, such as admins, to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of Timeline Text, even when...
WordPress Event Timeline plugin <= 1.1.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress Event Timeline plugin versions <= 1.1.6. Solution: No patched version available...
WordPress Knight Lab Timeline plugin <= 3.6.3.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability (vulnerable TimelineJS library version) discovered in WordPress Knight Lab Timeline plugin versions <= 3.6.3.0. Solution: Update the WordPress Knight Lab Timeline plugin to the latest available version (at least 3.7.0.0)...
SQL injection
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php...
CVE-2017-14507
CVE-2017-14507 : Multiple blind SQL injection vulnerabilities in the WordPress plugin “Content Timeline” (versions up to 4.4.2) allow remote attackers to execute arbitrary SQL via GET parameters, specifically the timeline parameter in content_timeline_class.php and the id parameter in pages/conte...
CVE-2017-14507
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php...
SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload
No description provided by source...
CVE-2013-4898
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
Unrestricted file upload
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2013-4898
CVE-2013-4898 : Unrestricted file upload in SocialEngine Timeline Plugin 4.2.5p9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then retrieving it from public/temporary/timeline/. The vulnerability stems from accepting uploaded files ...
SocialEngine 4.5 Shell Upload
INTRODUCTION: The plugin has the objective of giving you a better visual for the user profile, allowing the addition of a cover image while keeping the layout closest to the style of modern social networks, among other features. DESCRIPTION OF...
SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload
SocialEngine Timeline Plugin 4.2.5p9 - Arbitrary File Upload Exploit Title: Sending php file in the timeline plugin cover image of SocialEngine 4.5 Date: 2013-08-17 Discovered by: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://webhive.com.ua/ Software Link:...