Timelines Security & Risk Analysis
wordpress.org/plugins/timelinejsTimelineJS is an open-source tool that enables you to build visually-rich interactive timelines and is available in 40 languages.
Is Timelines Safe to Use in 2026?
Generally Safe
Score 85/100Timelines has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "timelinejs" v1.05 plugin exhibits a mixed security posture. On the positive side, it demonstrates a commendable avoidance of dangerous functions, raw SQL queries, file operations, and external HTTP requests. Furthermore, there is no recorded vulnerability history, which suggests a history of diligent security practices or a lack of targeted attacks. However, significant concerns arise from the static analysis, particularly regarding output escaping, where only 6% of the 49 identified outputs are properly escaped. This indicates a high risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website through user-generated content displayed by the plugin.
The lack of capability checks and nonce checks, while not directly flagged as issues in the absence of AJAX handlers or REST API routes, represents a missed opportunity for robust authorization and protection against Cross-Site Request Forgery (CSRF) if such entry points were to be introduced in future updates. The total entry points are limited to two shortcodes, and none are explicitly marked as unprotected, which is a positive aspect of its current attack surface. Despite the lack of known CVEs, the pervasive issue with output escaping presents a notable security weakness that requires immediate attention.
Key Concerns
- Low percentage of properly escaped output
- No capability checks implemented
- No nonce checks implemented
Timelines Security Vulnerabilities
Timelines Code Analysis
Output Escaping
Timelines Attack Surface
Shortcodes 2
WordPress Hooks 10
Maintenance & Trust
Timelines Maintenance & Trust
Maintenance Signals
Community Trust
Timelines Alternatives
My Twitter Timelines
my-twitter-timelines
My Twitter Timelines is an all-in-one Twitter widget. With this widget, you can display the following: Twitter user timelines, User favorites, Search …
Flows
flows
Flows lets you easily show your business processes, software process, or workflow in a creative responsive design template.
Jeba Horizontal Timeline
jeba-horizontal-timeline
Jeba Horizontal Timeline is an awesome Horizontal Timeline, super lightweight plugin for your wordpress website.
Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)
timeline-widget-addon-for-elementor
Highlight your company’s history, milestones, and key events directly inside Elementor using stunning vertical and horizontal timelines.
Cool Timeline (Horizontal & Vertical Timeline)
cool-timeline
Showcase your story or company history, events, and roadmap in an interactive timeline using the powerful Cool Timeline plugin.
Timelines Developer Profile
14 plugins · 740 total installs
How We Detect Timelines
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/timelinejs/templates/timeline-javascript-template.phphttps://cdn.knightlab.com/libs/timeline3/latest/js/timeline.jsHTML / DOM Fingerprints
tl-mediatl-texttl-titletl-contenttl-datetl-timeline-wrapdata-timeline-titledata-timeline-textdata-timeline-media-urldata-timeline-media-captiondata-timeline-media-creditdata-timeline-scale+1 moreTimeline<div id="timeline-</div>