Timeline Designer Security & Risk Analysis

wordpress.org/plugins/timeline-designer

Timeline Designer helps you to create a beautiful layout for your blog post and custom post type which is based on timeline concept.

60 active installs v1.4.1 PHP 7.4+ WP 5.0+ Updated Aug 12, 2025
posts, template, timeline-layout
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 6, 2025
Safety Verdict

Is Timeline Designer Safe to Use in 2026?

Generally Safe

Score 99/100

Timeline Designer has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Jan 6, 2025 · Updated 9mo ago
Risk Assessment

The 'timeline-designer' plugin v1.4.1 exhibits a generally good security posture with strong output escaping (99%) and a low number of critical or high severity taint flows. The plugin also demonstrates a healthy use of nonces and prepared statements, with a significant majority of SQL queries utilizing them. However, there are notable areas of concern. The presence of 16 AJAX handlers, with 4 lacking proper authentication checks, represents a significant attack surface that could be exploited by unauthenticated users. While the vulnerability history shows only one medium severity CVE in the past, and it is now patched, the nature of that vulnerability (SQL Injection) coupled with the observed SQL query patterns warrants caution. The plugin's reliance on jQuery, while common, could also present a risk if the bundled library is outdated and contains known vulnerabilities.

Key Concerns

  • AJAX handlers without authentication
  • Past SQL Injection vulnerability
  • Bundled library (jQuery)
Vulnerabilities
1 published

Timeline Designer Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-11437 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection

Jan 6, 2025 Patched in 1.4.1 (221d)
Version History

Timeline Designer Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

Timeline Designer Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (16 prepared)
Unescaped Output: 21 (3277 escaped)
Nonce Checks: 20
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

jQuery

SQL Query Safety

64% prepared · 25 total queries

Output Escaping

99% escaped · 3298 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

8 flows
save_cpts (admin\class-wtl-lite-custom-post-type.php:38)
Attack Surface
4 unprotected

Timeline Designer Attack Surface

Entry Points: 18
Unprotected: 4

AJAX Handlers 16

nopriv  wp_ajax_wtl_template_search_result  admin\class-wp-timeline-lite-admin.php:103
auth  wp_ajax_wtl_template_search_result  admin\class-wp-timeline-lite-admin.php:104
auth  wp_ajax_wtl_custom_post_taxonomy_display_settings  admin\class-wp-timeline-lite-ajax.php:53
auth  wp_ajax_wtl_closed_boxes  admin\class-wp-timeline-lite-ajax.php:54
nopriv  wp_ajax_wtl_get_acf_field_list  includes\class-wp-timeline-lite-main.php:58
auth  wp_ajax_wtl_get_acf_field_list  includes\class-wp-timeline-lite-main.php:59
nopriv  wp_ajax_wtl_get_posts  includes\class-wp-timeline-lite-main.php:61
auth  wp_ajax_wtl_get_posts  includes\class-wp-timeline-lite-main.php:62
nopriv  wp_ajax_get_load_onscroll_blog  includes\class-wp-timeline-lite-main.php:70
auth  wp_ajax_get_load_onscroll_blog  includes\class-wp-timeline-lite-main.php:71
nopriv  wp_ajax_wtl_email_share_form  includes\class-wp-timeline-lite.php:117
auth  wp_ajax_wtl_email_share_form  includes\class-wp-timeline-lite.php:118
auth  wp_ajax_wtl_do_rest_layout_ajax  wp_timeline_templates\template-reset\class-wtl-lite-template-reset.php:26
nopriv  wp_ajax_wtl_do_rest_layout_ajax  wp_timeline_templates\template-reset\class-wtl-lite-template-reset.php:27
auth  wp_ajax_wtl_load_default_layout_ajax  wp_timeline_templates\template-reset\class-wtl-lite-template-reset.php:28
nopriv  wp_ajax_wtl_load_default_layout_ajax  wp_timeline_templates\template-reset\class-wtl-lite-template-reset.php:29

Shortcodes 2

[fsn_wp_timeline] admin\class-wp-timeline-lite-support.php:64
[wp_timeline_design] includes\class-wp-timeline-lite.php:111
WordPress Hooks 50
action  admin_notices  admin\class-wp-timeline-lite-admin.php:71
action  admin_menu  admin\class-wp-timeline-lite-admin.php:91
action  admin_init  admin\class-wp-timeline-lite-admin.php:92
action  admin_init  admin\class-wp-timeline-lite-admin.php:93
action  admin_init  admin\class-wp-timeline-lite-admin.php:94
action  admin_init  admin\class-wp-timeline-lite-admin.php:95
action  admin_init  admin\class-wp-timeline-lite-admin.php:96
action  admin_init  admin\class-wp-timeline-lite-admin.php:97
action  admin_init  admin\class-wp-timeline-lite-admin.php:98
action  admin_init  admin\class-wp-timeline-lite-admin.php:99
action  admin_head  admin\class-wp-timeline-lite-admin.php:100
action  add_meta_boxes  admin\class-wp-timeline-lite-admin.php:101
action  save_post  admin\class-wp-timeline-lite-admin.php:102
filter  set-screen-option  admin\class-wp-timeline-lite-admin.php:105
action  fl_builder_ui_panel_after_modules  admin\class-wp-timeline-lite-support.php:55
action  fusion_builder_before_init  admin\class-wp-timeline-lite-support.php:59
action  init  admin\class-wp-timeline-lite-support.php:63
action  admin_init  admin\class-wtl-lite-custom-post-type.php:26
action  init  admin\class-wtl-lite-custom-post-type.php:27
action  admin_init  admin\class-wtl-lite-custom-post-type.php:28
action  admin_init  admin\class-wtl-lite-custom-post-type.php:29
action  admin_init  admin\class-wtl-lite-custom-post-type.php:30
action  init  includes\class-wp-timeline-lite-main.php:57
filter  wtl_hide_taxonomies  includes\class-wp-timeline-lite-main.php:64
action  wtl_woo_sale_tag  includes\class-wp-timeline-lite-main.php:66
action  wtl_woo_product_details  includes\class-wp-timeline-lite-main.php:67
action  wtl_edd_product_details  includes\class-wp-timeline-lite-main.php:68
filter  posts_where  includes\class-wp-timeline-lite-main.php:596
filter  wp_get_attachment_image_attributes  includes\class-wp-timeline-lite-main.php:1300
filter  wp_get_attachment_image_attributes  includes\class-wp-timeline-lite-main.php:1354
filter  the_content_more_link  includes\class-wp-timeline-lite-main.php:1608
action  init  includes\class-wp-timeline-lite.php:110
action  wp_enqueue_scripts  includes\class-wp-timeline-lite.php:112
action  wp_footer  includes\class-wp-timeline-lite.php:113
action  wp_head  includes\class-wp-timeline-lite.php:114
action  wp_footer  includes\class-wp-timeline-lite.php:115
action  plugins_loaded  includes\class-wp-timeline-lite.php:173
action  admin_enqueue_scripts  includes\class-wp-timeline-lite.php:184
action  admin_enqueue_scripts  includes\class-wp-timeline-lite.php:185
action  wp_enqueue_scripts  includes\class-wp-timeline-lite.php:210
action  wp_enqueue_scripts  includes\class-wp-timeline-lite.php:211
action  wp_head  includes\class-wp-timeline-lite.php:214
action  wp_footer  includes\class-wp-timeline-lite.php:387
filter  get_post_gallery  wp_timeline_templates\class-wtl-lite-template-config.php:27
filter  wp_get_attachment_image_attributes  wp_timeline_templates\class-wtl-lite-template-config.php:751
filter  wtl_before_post_loop  wp_timeline_templates\template-class\class-wtl-lite-template-advanced-layout.php:26
filter  wp_get_attachment_image_attributes  wp_timeline_templates\template-class\class-wtl-lite-template-advanced-layout.php:627
filter  wp_get_attachment_image_attributes  wp_timeline_templates\template-class\class-wtl-lite-template-curve-layout.php:286
filter  wp_get_attachment_image_attributes  wp_timeline_templates\template-class\class-wtl-lite-template-easy-layout.php:296
filter  wp_get_attachment_image_attributes  wp_timeline_templates\template-class\class-wtl-lite-template-fullwidth-layout.php:295
Maintenance & Trust

Timeline Designer Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 12, 2025
PHP min version: 7.4
Downloads: 7K

Community Trust

Rating: 20/100
Number of ratings: 1
Active installs: 60
Developer Profile

Timeline Designer Developer Profile

solwininfotech

8 plugins · 14K total installs

Trust score: 68
Avg Security Score: 84/100
Avg Patch Time: 642 days
Detection Fingerprints

How We Detect Timeline Designer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/timeline-designer/public/css/font-awesome.min.css
  • /wp-content/plugins/timeline-designer/admin/css/wp-timeline-admin.css
  • /wp-content/plugins/timeline-designer/admin/css/admin-rtl.css
  • /wp-content/plugins/timeline-designer/public/js/wp-timeline-admin.js
  • /wp-content/plugins/timeline-designer/public/js/wp-timeline-public.js
Script Paths
  • /wp-content/plugins/timeline-designer/public/js/wp-timeline-admin.js
  • /wp-content/plugins/timeline-designer/public/js/wp-timeline-public.js
Version Parameters
  • wp-timeline-admin.css?ver=
  • wp-timeline-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wp-timeline-shortcode
  • timeline-designer-container
  • solwin-timeline
  • wtl-admin-wrap
  • wp-timeline-admin-page
  • wtl-layout-container
  • wtl-shortcode-list-wrap
  • wtl-add-shortcode-wrap
  • (+3 more)
HTML Comments
  • <!-- WtlLiteTemplateConfig Begin -->
  • <!-- WtlLiteTemplateConfig End -->
  • <!-- Wp_Timeline_Lite Constructor -->
Data Attributes
  • data-timeline-id
  • data-design-type
JS Globals
  • wp_timeline_admin_localize
  • wp_timeline_public_localize
Shortcode Output
[wp_timeline]
FAQ

Frequently Asked Questions about Timeline Designer