CVE-2023-4284

Name of the Vulnerable Software and Affected Versions The Post Timeline WordPress plugin versions prior to 2.2.6

Description The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users, such as admin. This occurs because the plugin does not sanitise and escape an invalid nonce before outputting it back in an AJAX response.

Recommendations For versions prior to 2.2.6, update to version 2.2.6 or later to resolve the issue. As a temporary workaround, consider restricting access to AJAX responses that may contain invalid nonces to minimize the risk of exploitation.