Cool Timeline (Horizontal & Vertical Timeline) Security & Risk Analysis

wordpress.org/plugins/cool-timeline

Showcase your story or company history, events, and roadmap in an interactive timeline using the powerful Cool Timeline plugin.

20K active installs · v3.3.0 · PHP 5.6+ · WP 5.0+ · Updated Mar 12, 2026
Tags: history, horizontal-timeline, roadmap, timeline, vertical-timeline
Score: 100/100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 16, 2020
Safety Verdict

Is Cool Timeline (Horizontal & Vertical Timeline) Safe to Use in 2026?

Generally Safe

Score 100/100

Cool Timeline (Horizontal & Vertical Timeline) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 16, 2020 · Updated 22d ago
Risk Assessment

This plugin exhibits a generally good security posture based on the provided static analysis. The absence of critical or high severity taint flows, the exclusive use of prepared statements for SQL queries, and a high percentage of properly escaped output are all positive indicators. The significant number of nonce and capability checks further suggests an effort to secure its entry points. However, the presence of one medium severity CVE in its history, even though it is now patched, warrants attention because it shows the plugin has been vulnerable before. The fact that the last vulnerability was in 2020 suggests a lack of recent security focus or updates, which could be a concern if new vulnerabilities have emerged and not been addressed. While the attack surface appears to be protected by checks, the volume of AJAX handlers presents a potential area for future vulnerabilities if not meticulously maintained.

Key Concerns

  • Medium severity CVE found in history
  • 12 AJAX handlers, potential for future vulnerabilities
  • 2 external HTTP requests, potential for SSRF/injection
Vulnerabilities
1

Cool Timeline (Horizontal & Vertical Timeline) Security Vulnerabilities

CVEs by Year

1 CVE in 2020

Severity Breakdown

Medium: 1

1 total CVE

CVE-2020-36738 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Cool Timeline (Horizontal & Vertical Timeline) <= 2.0.2 - Cross-Site Request Forgery Bypass

Sep 16, 2020 · Patched in 2.0.3 (1224d)
Code Analysis
Analyzed Mar 16, 2026

Cool Timeline (Horizontal & Vertical Timeline) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 300 (984 escaped)
Nonce Checks: 22
Capability Checks: 24
File Operations: 1
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

77% escaped · 1284 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
csf_export (admin\codestar-framework\functions\actions.php:75)
Attack Surface

Cool Timeline (Horizontal & Vertical Timeline) Attack Surface

Entry Points: 13
Unprotected: 0

AJAX Handlers 12

auth wp_ajax_ctl_migrate_stories (admin\class-migration.php:17)
auth wp_ajax_csf-get-icons (admin\codestar-framework\functions\actions.php:62)
auth wp_ajax_csf-export (admin\codestar-framework\functions\actions.php:102)
auth wp_ajax_csf-import (admin\codestar-framework\functions\actions.php:143)
auth wp_ajax_csf-reset (admin\codestar-framework\functions\actions.php:172)
auth wp_ajax_csf-chosen (admin\codestar-framework\functions\actions.php:217)
auth wp_ajax_cpfm_handle_opt_in (admin\cpfm-feedback\cpfm-feedback-notice.php:13)
auth wp_ajax_ctl_install_plugin (admin\marketing\ctl-marketing.php:30)
auth wp_ajax_ctl_admin_notice_dismiss (admin\notices\admin-notices.php:118)
auth wp_ajax_ctl_admin_review_notice_dismiss (admin\notices\admin-notices.php:119)
auth wp_ajax_ctl_dashboard_install_plugin (admin\timeline-addon-page\timeline-addon-page.php:172)
auth wp_ajax_get_shortcode_preview (includes\shortcodes\class-ctl-ajax-handler.php:52)

Shortcodes 1

[cool-timeline] includes\shortcodes\class-ctl-shortcode.php:108
WordPress Hooks 92

action admin_init (admin\class-migration.php:15)
action admin_init (admin\class-migration.php:16)
action init (admin\class.cool-timeline-posttype.php:14)
filter manage_edit-cool_timeline_columns (admin\class.cool-timeline-posttype.php:15)
action manage_cool_timeline_posts_custom_column (admin\class.cool-timeline-posttype.php:16)
filter display_post_states (admin\class.cool-timeline-posttype.php:17)
action post_submitbox_misc_actions (admin\class.cool-timeline-posttype.php:19)
action wp_enqueue_scripts (admin\codestar-framework\classes\abstract.class.php:21)
action admin_menu (admin\codestar-framework\classes\admin-options.class.php:110)
action admin_bar_menu (admin\codestar-framework\classes\admin-options.class.php:111)
action network_admin_menu (admin\codestar-framework\classes\admin-options.class.php:115)
filter admin_footer_text (admin\codestar-framework\classes\admin-options.class.php:513)
action add_meta_boxes_comment (admin\codestar-framework\classes\comment-options.class.php:41)
action edit_comment (admin\codestar-framework\classes\comment-options.class.php:42)
action customize_register (admin\codestar-framework\classes\customize-options.class.php:46)
action customize_save_after (admin\codestar-framework\classes\customize-options.class.php:47)
action wp_enqueue_scripts (admin\codestar-framework\classes\customize-options.class.php:51)
action add_meta_boxes (admin\codestar-framework\classes\metabox-options.class.php:57)
action save_post (admin\codestar-framework\classes\metabox-options.class.php:58)
action edit_attachment (admin\codestar-framework\classes\metabox-options.class.php:59)
action wp_nav_menu_item_custom_fields (admin\codestar-framework\classes\nav-menu-options.class.php:33)
action wp_update_nav_menu_item (admin\codestar-framework\classes\nav-menu-options.class.php:34)
filter wp_edit_nav_menu_walker (admin\codestar-framework\classes\nav-menu-options.class.php:36)
action admin_init (admin\codestar-framework\classes\profile-options.class.php:33)
action show_user_profile (admin\codestar-framework\classes\profile-options.class.php:45)
action edit_user_profile (admin\codestar-framework\classes\profile-options.class.php:46)
action personal_options_update (admin\codestar-framework\classes\profile-options.class.php:48)
action edit_user_profile_update (admin\codestar-framework\classes\profile-options.class.php:49)
action after_setup_theme (admin\codestar-framework\classes\setup.class.php:75)
action init (admin\codestar-framework\classes\setup.class.php:76)
action switch_theme (admin\codestar-framework\classes\setup.class.php:77)
action admin_enqueue_scripts (admin\codestar-framework\classes\setup.class.php:78)
action wp_enqueue_scripts (admin\codestar-framework\classes\setup.class.php:79)
action wp_head (admin\codestar-framework\classes\setup.class.php:80)
filter admin_body_class (admin\codestar-framework\classes\setup.class.php:81)
action admin_footer (admin\codestar-framework\classes\shortcode-options.class.php:50)
action customize_controls_print_footer_scripts (admin\codestar-framework\classes\shortcode-options.class.php:51)
action elementor/editor/before_enqueue_scripts (admin\codestar-framework\classes\shortcode-options.class.php:62)
action elementor/editor/footer (admin\codestar-framework\classes\shortcode-options.class.php:63)
action elementor/editor/footer (admin\codestar-framework\classes\shortcode-options.class.php:64)
action enqueue_block_editor_assets (admin\codestar-framework\classes\shortcode-options.class.php:320)
action media_buttons (admin\codestar-framework\classes\shortcode-options.class.php:324)
action admin_init (admin\codestar-framework\classes\taxonomy-options.class.php:45)
action admin_footer (admin\codestar-framework\fields\icon\icon.php:44)
action customize_controls_print_footer_scripts (admin\codestar-framework\fields\icon\icon.php:45)
action admin_print_footer_scripts (admin\codestar-framework\fields\link\link.php:68)
action print_default_editor_scripts (admin\codestar-framework\fields\wp_editor\wp_editor.php:63)
action admin_menu (admin\codestar-framework\views\welcome.php:21)
filter plugin_action_links (admin\codestar-framework\views\welcome.php:22)
filter plugin_row_meta (admin\codestar-framework\views\welcome.php:23)
action admin_init (admin\cpfm-feedback\cpfm-feedback-notice.php:11)
action admin_enqueue_scripts (admin\cpfm-feedback\cpfm-feedback-notice.php:12)
action admin_footer (admin\cpfm-feedback\cpfm-feedback-notice.php:15)
action admin_enqueue_scripts (admin\cpfm-feedback\users-feedback.php:23)
action admin_init (admin\cpfm-feedback\users-feedback.php:26)
action admin_head (admin\cpfm-feedback\users-feedback.php:29)
action admin_notices (admin\ctl-admin-settings.php:35)
action admin_print_styles (admin\ctl-shortcode-generator.php:38)
action admin_enqueue_scripts (admin\ctl-shortcode-generator.php:39)
action admin_init (admin\marketing\ctl-marketing.php:31)
action ctl_after_timeline_header (admin\notices\admin-notices.php:113)
action admin_notices (admin\notices\admin-notices.php:115)
action admin_enqueue_scripts (admin\notices\admin-notices.php:117)
action admin_menu (admin\timeline-addon-page\timeline-addon-page.php:171)
action admin_enqueue_scripts (admin\timeline-addon-page\timeline-addon-page.php:173)
action admin_notices (admin\timeline-addon-page\timeline-addon-page.php:174)
action activated_plugin (cooltimeline.php:72)
action plugins_loaded (cooltimeline.php:74)
action init (cooltimeline.php:75)
action init (cooltimeline.php:77)
action save_post (cooltimeline.php:84)
action admin_menu (cooltimeline.php:86)
action admin_print_scripts (cooltimeline.php:87)
action admin_enqueue_scripts (cooltimeline.php:88)
action wp_print_scripts (cooltimeline.php:92)
action csf_cool_timeline_settings_save_after (cooltimeline.php:104)
action admin_notices (cooltimeline.php:151)
action cpfm_register_notice (cooltimeline.php:360)
action cpfm_after_opt_in_ctl (cooltimeline.php:388)
action init (includes\class-cool-vc-addon.php:16)
action init (includes\class-stories-migration.php:17)
action enqueue_block_assets (includes\cool-timeline-block\src\init.php:9)
action enqueue_block_editor_assets (includes\cool-timeline-block\src\init.php:32)
action wp_head (includes\cool-timeline-block\src\init.php:47)
action init (includes\cool-timeline-block\src\init.php:210)
filter cron_schedules (includes\cron\class-cron.php:16)
action ctl_extra_data_update (includes\cron\class-cron.php:17)
action enqueue_block_editor_assets (includes\shortcode-blocks\ctl-block.php:9)
action plugins_loaded (includes\shortcode-blocks\ctl-block.php:40)
action wp_enqueue_scripts (includes\shortcodes\class-ctl-assets-loader.php:41)
action wp_enqueue_scripts (includes\shortcodes\class-ctl-assets-loader.php:43)
action init (includes\shortcodes\class-ctl-shortcode.php:83)

Scheduled Events 3

ctl_extra_data_update
ctl_extra_data_update
ctl_extra_data_update
Maintenance & Trust

Cool Timeline (Horizontal & Vertical Timeline) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version: 5.6
Downloads: 972K

Community Trust

Rating: 94/100
Number of ratings: 325
Active installs: 20K
Developer Profile

Cool Timeline (Horizontal & Vertical Timeline) Developer Profile

CoolHappy

12 plugins · 210K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 203 days
Detection Fingerprints

How We Detect Cool Timeline (Horizontal & Vertical Timeline)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/cool-timeline/admin/css/timeline_admin.css
  • /wp-content/plugins/cool-timeline/admin/css/timeline-frontend.css
  • /wp-content/plugins/cool-timeline/admin/js/timeline_admin.js
  • /wp-content/plugins/cool-timeline/admin/js/timeline_frontend.js
  • /wp-content/plugins/cool-timeline/assets/css/main.css
  • /wp-content/plugins/cool-timeline/assets/css/timeline.css
  • /wp-content/plugins/cool-timeline/assets/js/frontend.js
  • /wp-content/plugins/cool-timeline/assets/js/frontend-scripts.js
  • +1 more

Script Paths

  • /wp-content/plugins/cool-timeline/admin/js/timeline_admin.js
  • /wp-content/plugins/cool-timeline/admin/js/timeline_frontend.js
  • /wp-content/plugins/cool-timeline/assets/js/frontend.js
  • /wp-content/plugins/cool-timeline/assets/js/frontend-scripts.js
  • /wp-content/plugins/cool-timeline/includes/shortcode-blocks/src/block.js

Version Parameters

  • /wp-content/plugins/cool-timeline/admin/css/timeline_admin.css?ver=
  • /wp-content/plugins/cool-timeline/admin/css/timeline-frontend.css?ver=
  • /wp-content/plugins/cool-timeline/admin/js/timeline_admin.js?ver=
  • /wp-content/plugins/cool-timeline/admin/js/timeline_frontend.js?ver=
  • /wp-content/plugins/cool-timeline/assets/css/main.css?ver=
  • /wp-content/plugins/cool-timeline/assets/css/timeline.css?ver=
  • /wp-content/plugins/cool-timeline/assets/js/frontend.js?ver=
  • /wp-content/plugins/cool-timeline/assets/js/frontend-scripts.js?ver=
  • /wp-content/plugins/cool-timeline/includes/shortcode-blocks/src/block.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ctl-timeline
  • ctl-timeline-frontend
  • ctl-slider
  • ctl-timeline-content
  • ctl-timeline-container
  • cool-timeline
  • cool-timeline-block

HTML Comments

  • <!-- Cool Timeline Pro -->
  • <!-- Cool Timeline Addons -->
  • <!-- Admin notices -->

Data Attributes

  • data-settings

JS Globals

  • ctl_frontend_obj
  • cool_timeline_admin_obj
  • cool_timeline_settings_obj

REST Endpoints

  • /wp-json/cool-timeline/v1/get_timeline_posts
  • /wp-json/cool-timeline/v1/timeline_data

Shortcode Output

  • [cool-timeline
  • [cool_timeline_free_addon
FAQ

Frequently Asked Questions about Cool Timeline (Horizontal & Vertical Timeline)