Description
Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized data disclosure or modification due to broken access control
Action: Patch
AI Analysis

Impact

A missing authorization check in the Agile Logix Post Timeline plugin allows attackers to bypass configured access control levels. The vulnerability makes it possible to access or alter post‑timeline data that should be restricted, potentially exposing sensitive content or changing site state without proper privileges. The weakness corresponds to CWE‑862, indicating a direct flaw in access control enforcement.

Affected Systems

The affected product is the Agile Logix “Post Timeline” WordPress plugin. All releases from the earliest noted versions up through 2.4.1 are impacted; any installation using a version equal to or older than 2.4.1 is vulnerable.

Risk and Exploitability

The CVSS score is 5.3, indicating a moderate severity. The EPSS score is less than 1 %, suggesting a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. Based on the description it is inferred that the attack vector requires in‑application access; an attacker with the ability to send crafted requests to the plugin endpoints could potentially exploit the missing access control to read or modify posts. Precise exploitation prerequisites are not detailed in the data.

Generated by OpenCVE AI on March 19, 2026 at 15:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Post Timeline to a version newer than 2.4.1 if an update is available
  • If an upgrade is not possible, disable the Post Timeline plugin until a patch is released
  • Check the vendor’s website or the WP plugin repository regularly for security updates or vendor advisories

Generated by OpenCVE AI on March 19, 2026 at 15:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Agilelogix
Agilelogix post Timeline
Wordpress
Wordpress wordpress
Vendors & Products Agilelogix
Agilelogix post Timeline
Wordpress
Wordpress wordpress

Sat, 14 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Agile Logix Post Timeline post-timeline allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Timeline: from n/a through <= 2.4.1.
Title WordPress Post Timeline plugin <= 2.4.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Agilelogix Post Timeline
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:13.894Z

Reserved: 2026-03-12T11:11:26.570Z

Link: CVE-2026-32421

cve-icon Vulnrichment

Updated: 2026-03-13T18:46:11.487Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:59.883

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32421

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T12:03:43Z

Weaknesses