Timeline and History slider Security & Risk Analysis

wordpress.org/plugins/timeline-and-history-slider

Timeline Plugin for WordPress. Easy to add and display history or timeline for your WordPress website. Also works with the Gutenberg shortcode block.

5K active installs · v2.4.5 · PHP + WP 4.0+ · Updated Feb 20, 2026
Tags: company-timeline, history-timeline, personal-timeline, responsive-timeline, timeline-slider
Score: 98 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Aug 9, 2024
Safety Verdict

Is Timeline and History slider Safe to Use in 2026?

Generally Safe

Score 98/100

Timeline and History slider has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 9, 2024 · Updated 1mo ago
Risk Assessment

The "timeline-and-history-slider" plugin v2.4.5 exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of SQL queries using prepared statements and a strong percentage of output properly escaped. The total number of entry points is low, and there are no apparent unprotected AJAX handlers or REST API routes. The plugin also implements nonce and capability checks for its entry points, which is commendable.

However, there are significant concerns. The presence of the `unserialize` function is a known risk, as it can lead to deserialization vulnerabilities if the data being unserialized is attacker-controlled or not properly validated. While the static analysis did not reveal any specific taint flows, the mere presence of this function warrants caution. The vulnerability history shows a past high-severity "PHP Remote File Inclusion" vulnerability, which is a serious issue. The fact that a high-severity vulnerability was patched relatively recently (indicated by the last vulnerability date) suggests a potential for recurring security weaknesses in the plugin's code.

Overall, while the plugin employs some good security measures like prepared statements and output escaping, the `unserialize` function and the past history of a severe vulnerability (RFI) introduce notable risks. The plugin is currently patched, but the underlying codebase might still harbor undiscovered vulnerabilities. Users should be aware of the potential risks associated with deserialization and the plugin's past security issues.

Key Concerns

  • Presence of dangerous function: unserialize
  • Past high severity vulnerability (RFI)
Vulnerabilities (1)

Timeline and History slider Security Vulnerabilities

CVEs by Year

2024: 1 CVE

Severity Breakdown

High: 1 (1 total CVE)

CVE-2024-43232 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Timeline and History slider <= 2.3 - Authenticated (Contributor+) Local File Inclusion

Aug 9, 2024 · Patched in 2.4 (5d)
Code Analysis
Analyzed Mar 16, 2026

Timeline and History slider Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 26 (161 escaped)
Nonce Checks: 6
Capability Checks: 6
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$info = @unserialize($data);` · wpos-analytics\includes\class-anylc-admin.php:696

Output Escaping

86% escaped · 187 total outputs
Attack Surface

Timeline and History slider Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[th-slider] includes\shortcode\wpostahs-slider-shortcode.php:142
WordPress Hooks 33
action · admin_menu · includes\admin\class-wpostahs-admin.php:19
action · add_meta_boxes · includes\admin\class-wpostahs-admin.php:22
action · admin_init · includes\admin\class-wpostahs-admin.php:25
filter · manage_wpostahs-slider-category_custom_column · includes\admin\class-wpostahs-admin.php:28
filter · manage_edit-wpostahs-slider-category_columns · includes\admin\class-wpostahs-admin.php:31
action · init · includes\admin\supports\blocks\gutenberg-block.php:41
action · enqueue_block_editor_assets · includes\admin\supports\blocks\gutenberg-block.php:58
filter · block_categories_all · includes\admin\supports\blocks\gutenberg-block.php:80
action · admin_enqueue_scripts · includes\class-wpostahs-script.php:20
action · wp_enqueue_scripts · includes\class-wpostahs-script.php:23
action · wp_enqueue_scripts · includes\class-wpostahs-script.php:26
action · init · includes\wpostahs-slider-custom-post.php:58
action · init · includes\wpostahs-slider-custom-post.php:91
action · plugins_loaded · timeline-and-history-slider.php:83
action · update_option_active_plugins · timeline-and-history-slider.php:119
action · admin_notices · timeline-and-history-slider.php:175
action · admin_menu · wpos-analytics\includes\class-anylc-admin.php:45
action · admin_menu · wpos-analytics\includes\class-anylc-admin.php:48
action · admin_init · wpos-analytics\includes\class-anylc-admin.php:51
action · admin_notices · wpos-analytics\includes\class-anylc-admin.php:54
action · admin_footer · wpos-analytics\includes\class-anylc-admin.php:57
action · wp_loaded · wpos-analytics\includes\class-anylc-admin.php:60
action · init · wpos-analytics\includes\class-anylc-admin.php:63
filter · cron_schedules · wpos-analytics\includes\class-anylc-admin.php:66
action · wpos_monthly_cron_hook · wpos-analytics\includes\class-anylc-admin.php:69
action · rest_api_init · wpos-analytics\includes\class-anylc-admin.php:72
filter · rest_pre_serve_request · wpos-analytics\includes\class-anylc-admin.php:585
action · admin_enqueue_scripts · wpos-analytics\includes\class-anylc-script.php:20
action · activated_plugin · wpos-analytics\wpos-analytics.php:244
action · plugins_loaded · wpos-analytics\wpos-analytics.php:258
action · admin_menu · wpos-plugins\includes\admin\class-espbw-admin.php:19
action · admin_enqueue_scripts · wpos-plugins\includes\class-espbw-script.php:19
action · plugins_loaded · wpos-plugins\wpos-recommendation.php:185

Scheduled Events 1

wpos_monthly_cron_hook
Maintenance & Trust

Timeline and History slider Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 20, 2026
PHP min version
Downloads: 140K

Community Trust

Rating: 88/100
Number of ratings: 37
Active installs: 5K
Developer Profile

Timeline and History slider Developer Profile

Essential Plugin

33 plugins · 205K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 219 days
Detection Fingerprints

How We Detect Timeline and History slider

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/timeline-and-history-slider/assets/css/wpostahs-admin.css
  • /wp-content/plugins/timeline-and-history-slider/assets/css/timeline-slider.css
  • /wp-content/plugins/timeline-and-history-slider/assets/css/timeline-slider-responsive.css
  • /wp-content/plugins/timeline-and-history-slider/assets/css/timeline-style.css
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-slider.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-slider-admin.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/customizer.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-script.js
Script Paths
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-slider.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-slider-admin.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/customizer.js
  • /wp-content/plugins/timeline-and-history-slider/assets/js/timeline-script.js
Version Parameters
  • timeline-and-history-slider/assets/css/wpostahs-admin.css?ver=
  • timeline-and-history-slider/assets/css/timeline-slider.css?ver=
  • timeline-and-history-slider/assets/css/timeline-slider-responsive.css?ver=
  • timeline-and-history-slider/assets/css/timeline-style.css?ver=
  • timeline-and-history-slider/assets/js/timeline-slider.js?ver=
  • timeline-and-history-slider/assets/js/timeline-slider-admin.js?ver=
  • timeline-and-history-slider/assets/js/customizer.js?ver=
  • timeline-and-history-slider/assets/js/timeline-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
tahs-timeline-slider-container, tahs-timeline-slider-wrap, tahs-item-description, tahs-timeline-item-wrap, tahs-timeline-date-outerwrap, tahs-timeline-date-innerwrap, tahs-timeline-content-outerwrap, tahs-timeline-content-innerwrap (+15 more)
HTML Comments
<!-- Timeline Slider section ends -->
Data Attributes
data-type, data-item, data-timeline-animation, data-layout, data-align, data-timeline-arrow (+77 more)
JS Globals
tahs_slider_params
Shortcode Output
[timeline-slider], [timeline-slider id=""]