CVE-2025-68513

Name of the Vulnerable Software and Affected Versions Bold Timeline Lite versions through 1.2.7

Description The Bold Timeline Lite plugin contains a flaw due to improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting (XSS) condition. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerability exists because the application does not properly sanitize user-supplied data before including it in the generated web page. This could allow an attacker to execute arbitrary JavaScript code in the context of a user's browser.

Recommendations Update Bold Timeline Lite to a version newer than 1.2.7.