{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14032", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T14:51:08.678Z", "datePublished": "2025-12-12T03:20:49.986Z", "dateUpdated": "2026-04-08T17:04:18.373Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:18.373Z"}, "affected": [{"vendor": "boldthemes", "product": "Bold Timeline Lite", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/840fd950-3ce3-4068-b8bc-270f168a5091?source=cve"}, {"url": "https://wordpress.org/plugins/bold-timeline-lite"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/trunk/assets/views/bold_timeline_group_view.php#L79"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/tags/1.2.7/assets/views/bold_timeline_group_view.php#L79"}, {"url": "https://plugins.trac.wordpress.org/changeset/3417223/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Djaidja Moundjid"}], "timeline": [{"time": "2025-12-11T15:10:30.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-12T20:14:29.956982Z", "id": "CVE-2025-14032", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:13:56.347Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14032", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-12T20:14:29.956982Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-12T20:14:34.036Z"}}], "cna": {"title": "Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "Djaidja Moundjid"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "boldthemes", "product": "Bold Timeline Lite", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-11T15:10:30.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/840fd950-3ce3-4068-b8bc-270f168a5091?source=cve"}, {"url": "https://wordpress.org/plugins/bold-timeline-lite"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/trunk/assets/views/bold_timeline_group_view.php#L79"}, {"url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/tags/1.2.7/assets/views/bold_timeline_group_view.php#L79"}, {"url": "https://plugins.trac.wordpress.org/changeset/3417223/"}], "descriptions": [{"lang": "en", "value": "The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:18.373Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14032", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:04:18.373Z", "dateReserved": "2025-12-04T14:51:08.678Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T03:20:49.986Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Bold Timeline Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in the 'bold_timeline_group' shortcode in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-14032", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T04:15:46.040", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/tags/1.2.7/assets/views/bold_timeline_group_view.php#L79"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bold-timeline-lite/trunk/assets/views/bold_timeline_group_view.php#L79"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3417223/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/bold-timeline-lite"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/840fd950-3ce3-4068-b8bc-270f168a5091?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T17:27:12.713511+00:00", "value": {"mitigation_remediation": ["Upgrade Bold Timeline Lite to the latest release that removes the vulnerability", "Scan the database and clean any crafted 'title' entries that contain malicious scripts", "Limit Contributor role privileges or disable the shortcode for non\u2011administrator users"], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting enabling script execution for authenticated users with Contributor level access or higher"}, "threat_synthesis": {"affected_systems": "Bold Timeline Lite plugin for WordPress versions up to and including 1.2.7. Sites that have installed this plugin and provide Contributor or higher level accounts are affected.", "description_and_impact": "The vulnerability resides in the Bold Timeline Lite WordPress plugin and allows a stored XSS flaw through the 'title' parameter of the 'bold_timeline_group' shortcode. Because input is not properly sanitized or escaped, an attacker who can authenticate to the site with at least Contributor privileges can inject arbitrary JavaScript that will execute in the browsers of any user who views the affected content, leading to defacement, data theft, or session hijacking.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity. With an EPSS score of less than 1% the likelihood of public exploitation is low, and the vulnerability is not listed in CISA\u2019s KEV catalog. However, the requirement of authenticated access means that risk is confined to insiders or compromised contributor accounts; once an attacker achieves this level of access, the stored XSS can be leveraged across all visitors to the site."}}}}, "created": "2025-12-12T08:48:08.595804+00:00", "updated": "2026-04-21T17:30:37.701158+00:00", "vendors": ["bold-themes", "bold-themes$PRODUCT$bold_timeline_lite", "wordpress", "wordpress$PRODUCT$wordpress"]}