Does Bold Timeline Lite have any unpatched vulnerabilities?

No. All known vulnerabilities in Bold Timeline Lite have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bold Timeline Lite compatible with WordPress 6.9.4?

According to WordPress.org data, Bold Timeline Lite 1.2.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Bold Timeline Lite updated?

Bold Timeline Lite was last updated on Dec 11, 2025. Frequent updates are generally a positive security signal.

What is Bold Timeline Lite's security score?

Bold Timeline Lite has a WP-Safety security score of 95/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bold Timeline Lite Security & Risk Analysis

wordpress.org/plugins/bold-timeline-lite

Bold Timeline Lite – WordPress Timeline Plugin

10K active installs v1.2.8 PHP + WP 4.5+ Updated Dec 11, 2025

company-timelineevent-timelinehistoryhorizontal-timelinetimeline

A · Safe

CVEs total5

Unpatched0

Last CVEDec 27, 2025

Download

Safety Verdict

Is Bold Timeline Lite Safe to Use in 2026?

Generally Safe

Score 95/100

Bold Timeline Lite has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Dec 27, 2025Updated 3mo ago

Risk Assessment

The 'bold-timeline-lite' plugin v1.2.8 presents a mixed security posture. While it demonstrates strengths in SQL query handling with 100% prepared statements and a solid number of capability checks (9), concerns arise from its attack surface and historical vulnerability patterns. The presence of one AJAX handler without authentication checks is a significant risk, representing a direct entry point that could be exploited by unauthenticated users. The plugin also has a history of 5 medium-severity vulnerabilities, primarily related to Cross-site Scripting and Missing Authorization. Although no critical or high-severity vulnerabilities are currently unpatched, this history suggests a recurring tendency for issues related to input sanitization and access control. The static analysis shows a generally good approach to output escaping (70% proper), but this is overshadowed by the unprotected AJAX endpoint and the past incidents. While the taint analysis shows no critical or high-severity unsanitized flows, the overall risk is elevated due to the unprotected entry point and the historical precedent of security flaws.

Key Concerns

Unprotected AJAX handler
Historical medium severity vulnerabilities (5 total)
Historical XSS and Missing Authorization issues

Vulnerabilities

Bold Timeline Lite Security Vulnerabilities

CVEs by Year

2 CVEs in 2023

2023

1 CVE in 2024

2024

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

5 total CVEs

CVE-2025-68513medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 27, 2025 Patched in 1.2.8 (10d)

CVE-2025-14032medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode

Dec 11, 2025 Patched in 1.2.8 (1d)

CVE-2024-43294medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bold Timeline Lite <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 16, 2024 Patched in 1.2.1 (4d)

CVE-2023-45110medium · 4.3Missing Authorization

Bold Timeline Lite <= 1.1.9 - Missing Authorization to Admin Notice Dismissal

Oct 6, 2023 Patched in 1.2.0 (195d)

CVE-2022-4828medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bold Timeline Lite <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 3, 2023 Patched in 1.1.5 (385d)

Code Analysis

Analyzed Mar 16, 2026

Bold Timeline Lite Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

101 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Output Escaping

70% escaped145 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

admin_management_page (bold-builder-light\bold-builder-light.php:486)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Bold Timeline Lite Attack Surface

Entry Points5

Unprotected1

AJAX Handlers 1

authwp_ajax_bold_timeline_lite_dismiss_notice_callto_action_snoozebold-timeline-lite.php:19

Shortcodes 4

[bold_timeline_container] content_elements\bold_timeline_container\bold_timeline_container.php:7

[bold_timeline_group] content_elements\bold_timeline_group\bold_timeline_group.php:7

[bold_timeline_item] content_elements\bold_timeline_item\bold_timeline_item.php:7

[bold_timeline_item_text] content_elements\bold_timeline_item_text\bold_timeline_item_text.php:7

WordPress Hooks 31

actionadmin_bar_initassets-general\php\bb\index.php:5

actioninitassets-general\php\page-builder-elements\bt_bb_bold_timeline.php:75

actionelementor/elements/categories_registeredassets-general\php\page-builder-elements\elementor.php:18

actionelementor/widgets/registerassets-general\php\page-builder-elements\elementor.php:31

actionadmin_enqueue_scriptsbold-builder-light\bold-builder-light.php:85

actionadmin_headbold-builder-light\bold-builder-light.php:86

actionadmin_footerbold-builder-light\bold-builder-light.php:87

actionadmin_footerbold-builder-light\bold-builder-light.php:88

actionadmin_menubold-builder-light\bold-builder-light.php:89

actionadmin_noticesbold-builder-light\bold-builder-light.php:90

actioninitbold-builder-light\bold-builder-light.php:91

actionwp_loadedbold-builder-light\bold-builder-light.php:92

actionwp_enqueue_scriptsbold-builder-light\bold-builder-light.php:96

actionadmin_footerbold-builder-light\bold-builder-light.php:296

actionadmin_noticesbold-timeline-lite-notice.php:6

actionadmin_print_scriptsbold-timeline-lite-notice.php:7

actionadmin_enqueue_scriptsbold-timeline-lite-notice.php:8

actioncurrent_screenbold-timeline-lite-notice.php:106

actioninitbold-timeline-lite.php:28

actioninitbold-timeline-lite.php:72

actionwp_enqueue_scriptsbold-timeline-lite.php:127

actionadmin_enqueue_scriptsbold-timeline-lite.php:137

actioninitbold-timeline-lite.php:148

actioninitbold-timeline-lite.php:159

actionwp_footerbold-timeline-lite.php:182

actionwp_headbold-timeline-lite.php:303

actionadmin_enqueue_scriptsbold-timeline-lite.php:315

actionwp_loadedcontent_elements\bold_timeline_container\bold_timeline_container.php:96

actionwp_loadedcontent_elements\bold_timeline_group\bold_timeline_group.php:79

actionwp_loadedcontent_elements\bold_timeline_item\bold_timeline_item.php:132

actionwp_loadedcontent_elements\bold_timeline_item_text\bold_timeline_item_text.php:48

Maintenance & Trust

Bold Timeline Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 11, 2025

PHP min version

Downloads206K

Community Trust

Rating60/100

Number of ratings2

Active installs10K

Alternatives

Bold Timeline Lite Alternatives

History Timeline for Biography, Company History & Event Timeline

timeline-awesome

Create animated horizontal and vertical timeline under 5 minutes for personal history, company timeline and event story timeline

1K 2 unpatched

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)

timeline-widget-addon-for-elementor

100

Highlight your company’s history, milestones, and key events directly inside Elementor using stunning vertical and horizontal timelines.

70K 1 CVE

Cool Timeline (Horizontal & Vertical Timeline)

cool-timeline

100

Showcase your story or company history, events, and roadmap in an interactive timeline using the powerful Cool Timeline plugin.

20K 1 CVE

Timeline and History slider

timeline-and-history-slider

Timeline Plugin for WordPress. Easy to add and display history OR timeline for your WordPress website. Also work with Gutenberg shortcode block.

5K 1 CVE

Timeline Module for Divi

timeline-module-for-divi

100

Highlight your company's history, milestones, and future plans with the advanced Timeline Module for Divi.

2K No CVEs

Developer Profile

Bold Timeline Lite Developer Profile

boldthemes

8 plugins · 69K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

118 days

View full developer profile

Detection Fingerprints

How We Detect Bold Timeline Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bold-timeline-lite/style.css/wp-content/plugins/bold-timeline-lite/assets/js/bold-timeline.js

Script Paths

/wp-content/plugins/bold-timeline-lite/assets/js/bold-timeline.js

Version Parameters

bold-timeline-lite/style.css?ver=bold-timeline-lite/assets/js/bold-timeline.js?ver=

HTML / DOM Fingerprints

CSS Classes

bold-timeline-itembt-timeline-iconbt-timeline-contentbt-timeline-datebt-timeline-titlebt-timeline-textbold-timeline-groupbt-timeline-group-header+2 more

Data Attributes

data-bt-timeline-iddata-bt-timeline-style

JS Globals

Bold_Timeline

Shortcode Output

[bold_timeline[bt_bb_timeline

FAQ