Description
The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-12-12
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross-Site Scripting enabling script execution for authenticated users with Contributor level access or higher
Action: Patch
AI Analysis

Impact

The vulnerability resides in the Bold Timeline Lite WordPress plugin and is a stored XSS flaw in the 'title' parameter of the 'bold_timeline_group' shortcode. Because the parameter is neither sanitized on input nor escaped on output, an attacker who can authenticate to the site with at least Contributor privileges can inject arbitrary JavaScript that executes in the browser of any user who views the affected content, leading to defacement, data theft, or session hijacking.
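The bug class described above, as a constructed illustration added here (not Bold Timeline Lite's own code): a shortcode handler that concatenates its 'title' attribute into markup, beside the same handler escaping each value for the context it lands in. The shortcode name example_timeline_group and the extra 'style' attribute are assumptions; the functions add_shortcode, shortcode_atts, esc_html, esc_attr and sanitize_html_class are WordPress core APIs.

```php
<?php
// Constructed illustration for CVE-2025-14032's bug class; not the plugin's code.
// Assumes a WordPress runtime (add_shortcode, shortcode_atts, esc_html, esc_attr,
// sanitize_html_class are core functions). Shortcode name is hypothetical.

// Unsafe pattern: the attribute value is dropped into HTML verbatim, so whoever can
// place [example_timeline_group title="..."] in post content controls what the
// browser parses when the post is rendered. KSES filtering of stored post content
// does not cover markup the handler itself generates at render time.
function example_timeline_group_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'title' => '' ), $atts, 'example_timeline_group' );
    return '<div class="timeline-group"><h3>' . $atts['title'] . '</h3></div>';
}

// Hardened pattern: escape every attribute for its output context.
// esc_html()          -> element content (neutralises <, >, &, quotes)
// esc_attr()          -> quoted HTML attribute values
// sanitize_html_class() -> a value reused as a CSS class, limited to [A-Za-z0-9_-]
function example_timeline_group_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'title' => '', 'style' => 'default' ), // defaults for missing attributes
        $atts,
        'example_timeline_group'
    );
    return sprintf(
        '<div class="timeline-group timeline-%s" data-title="%s"><h3>%s</h3></div>',
        sanitize_html_class( $atts['style'] ),
        esc_attr( $atts['title'] ),
        esc_html( $atts['title'] )
    );
}

// Register only the hardened handler; the unsafe one is kept for comparison.
add_shortcode( 'example_timeline_group', 'example_timeline_group_safe' );
```

The fix is context-specific escaping at output time; a single input filter cannot know whether a value ends up in element content, an attribute, or a class name.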

Affected Systems

Bold Timeline Lite plugin for WordPress versions up to and including 1.2.7. Sites that have installed this plugin and provide Contributor or higher level accounts are affected.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity; the CVSS 3.1 vector recorded for this entry (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) reflects network-reachable, low-complexity exploitation by a low-privileged user with no user interaction, with changed scope and low confidentiality and integrity impact. With an EPSS score of less than 1% the likelihood of public exploitation is low, and the vulnerability is not listed in CISA's KEV catalog. The need for authenticated access confines the risk to insiders or compromised Contributor accounts; once an attacker has that level of access, however, the stored XSS reaches every visitor who views the affected content.

Generated by OpenCVE AI on April 21, 2026 at 17:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Bold Timeline Lite to the latest release that removes the vulnerability
  • Scan the database and clean any crafted 'title' entries that contain malicious scripts
  • Limit Contributor role privileges or disable the shortcode for non-administrator users



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 17:45:00 +0000

  Type: References
  Values Removed / Values Added: none shown

Mon, 15 Dec 2025 19:15:00 +0000

  Type: Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 12 Dec 2025 09:00:00 +0000

  Type: First Time appeared
  Values Added: Bold-themes; Bold-themes bold Timeline Lite; Wordpress; Wordpress wordpress

  Type: Vendors & Products
  Values Added: Bold-themes; Bold-themes bold Timeline Lite; Wordpress; Wordpress wordpress

Fri, 12 Dec 2025 03:45:00 +0000

  Type: Description
  Values Added: The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

  Type: Title
  Values Added: Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode

  Type: Weaknesses
  Values Added: CWE-79

  Type: References
  Values Removed / Values Added: none shown

  Type: Metrics (cvssV3_1)
  Values Added: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:04:18.373Z

Reserved: 2025-12-04T14:51:08.678Z

Link: CVE-2025-14032

Vulnrichment

Updated: 2025-12-12T20:14:34.036Z

NVD

Status: Deferred

Published: 2025-12-12T04:15:46.040

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-14032

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T17:30:37Z

Weaknesses