CVSS Score of 10 (low)


Published Jul 1, 2023
Updated: Nov 7, 2023
CWE ID 352


The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress, up to and including version 2.0.2, is vulnerable to Cross-Site Request Forgery (CSRF) with the CVE ID CVE-2020-36738. The vulnerability occurs due to missing or incorrect nonce validation on the ctl_save() function. This allows unauthenticated attackers to save field icons through a forged request if they can trick a site administrator into performing an action, such as clicking on a link. The vulnerability has a risk score of 10 and a base severity rating of MEDIUM. It affects various products and can be remediated by updating to a patched version of the plugin.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2020-36738 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options