CVE-2017-14507

CRITICAL

Content Timeline plugin 4.4.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14507. PoCs published by Jeroen - IT Nerdbox.

AI-analyzed exploit summary This is a writeup detailing multiple blind SQL injection vulnerabilities in the WordPress plugin 'Content Timeline' version 4.4.2. The vulnerabilities are due to unsanitized GET parameters 'timeline' and 'id' used in SQL queries.

Description

Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php.

Exploits (1)

exploitdb WRITEUP

by Jeroen - IT Nerdbox · textwebappsphp

https://www.exploit-db.com/exploits/42794

View Code ZIP pw:eip

This is a writeup detailing multiple blind SQL injection vulnerabilities in the WordPress plugin 'Content Timeline' version 4.4.2. The vulnerabilities are due to unsanitized GET parameters 'timeline' and 'id' used in SQL queries.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Content Timeline WordPress Plugin 4.4.2

No auth needed

Prerequisites: Access to the target WordPress site

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42794/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://wpvulndb.com/vulnerabilities/8921

Scores

CVSS v3 9.8

EPSS 0.0525

EPSS Percentile 91.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

shindiristudio/content_timeline 4.4.2

Published Sep 29, 2017

Tracked Since Feb 18, 2026