← Back

Cool Timeline

cool_timeline

Vendor: Coolplugins • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Coolplugins
1Cool Timeline
Jun 17, 2026
Jul 1, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl...Show more
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
2Coolplugins
Cryptocurrency Payment & Donation Box Plugins
10Cool Timeline
Cryptocurrency Payment & Donation BoxCryptocurrency Widgets+7 more
Jun 17, 2026
Jun 7, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a sub...Show more
Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.Show less