
Timelines Security & Risk Analysis
wordpress.org/plugins/timelines
Allows you to create and publish timelines in your blog using the Simile Timeline Widget [http://www.simile-widgets.org/timeline/].
Is Timelines Safe to Use in 2026?
Generally Safe
Score 85/100
Timelines has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'timelines' v1.0 plugin exhibits a mixed security posture. On the positive side, the attack surface is minimal, with only one shortcode and no AJAX handlers or REST API routes exposed without proper authorization. Furthermore, there is no recorded history of vulnerabilities, suggesting a potentially stable codebase. However, the static analysis reveals significant concerns within the code itself.
The presence of the `create_function` function is a critical security risk, as it can be leveraged for code injection. The fact that 100% of SQL queries are not using prepared statements is another major red flag, making the plugin highly susceptible to SQL injection attacks. The extremely low percentage of properly escaped output (1%) indicates a widespread vulnerability to Cross-Site Scripting (XSS) attacks. The lack of nonce and capability checks, coupled with unsanitized paths in all analyzed taint flows, further amplifies these risks, providing multiple avenues for attackers to exploit the plugin.
While the absence of known CVEs is encouraging, it does not negate the critical flaws identified in the static analysis. The plugin's current state presents a substantial risk to WordPress sites due to its susceptibility to SQL injection, XSS, and potential arbitrary code execution. Immediate remediation of these identified issues is strongly recommended.
Key Concerns
- Presence of dangerous function: create_function
- 100% of SQL queries use raw SQL, no prepared statements
- Only 1% of outputs are properly escaped
- 0 nonce checks detected
- 0 capability checks detected
- All taint flows have unsanitized paths
Timelines Security Vulnerabilities
Timelines Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Timelines Attack Surface
Shortcodes 1
WordPress Hooks 9
Maintenance & Trust
Timelines Maintenance & Trust
Maintenance Signals
Community Trust
Timelines Alternatives
Timeline Express – Date – Time Add-On
timeline-express-date-time-add-on
Assign and display times alongside the announcement dates in Timeline Express announcements.
Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)
timeline-widget-addon-for-elementor
Highlight your company’s history, milestones, and key events directly inside Elementor using stunning vertical and horizontal timelines.
Date Time Picker for Contact Form 7
date-time-picker-for-contact-form-7
This plugin enables Contact Form 7 text field into a Date picker, Time picker or Date Time picker by using CSS class.
Cool Timeline (Horizontal & Vertical Timeline)
cool-timeline
Showcase your story or company history, events, and roadmap in an interactive timeline using the powerful Cool Timeline plugin.
Countdown Timer Ultimate
countdown-timer-ultimate
A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.
Timelines Developer Profile
2 plugins · 30 total installs
How We Detect Timelines
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/timelines/js/timeline-view.js
- /wp-content/plugins/timelines/css/timeline-view.css
- /wp-content/plugins/timelines/js/timeline-view.js
- timelines/css/timeline-view.css?ver=
- timelines/js/timeline-view.js?ver=
HTML / DOM Fingerprints
- tl-timeline
- data-timeline-id
- Timeline
- [timeline
- [/timeline]