Cyber Resilience

CVE-2024-13571

Severity: High · Public PoC

Published: 26 February 2025
Modified: 15 May 2025
KEV Added: not listed
Patch: update to 2.3.10 or later
CVSS Score (v3.1): 7.1 · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score: 0.0008 (23.7th percentile)
Risk Priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-13571 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Agilelogix Post Timeline. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE is ranked at the 23.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2024-13571 is a reflected cross-site scripting (XSS) vulnerability in the Post Timeline WordPress plugin versions before 2.3.10. The plugin fails to sanitize and escape a parameter before outputting it back in the page, enabling attackers to inject and execute malicious scripts. It carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L) and maps to CWE-79.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity by placing a malicious payload in a parameter that is reflected unsanitized into the page. Exploitation requires user interaction, such as an administrator clicking a malicious link, after which JavaScript executes in the victim's browser context; the CVSS vector records a scope change and low impact on confidentiality, integrity, and availability.

The WPScan advisory at https://wpscan.com/vulnerability/ad6ad44d-fdc3-494c-a371-5d7959d1fd23/ details the issue, with mitigation achieved by updating the Post Timeline plugin to version 2.3.10 or later.

Vulnerability details

The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1185 Browser Session Hijacking (Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

T1539 Steal Web Session Cookie (Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Reflected XSS directly enables arbitrary JS execution in the victim's browser context, facilitating browser session hijacking and theft of web session cookies.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32277 (shared CWE-79)
CVE-2026-35035 (shared CWE-79)
CVE-2026-46367 (shared CWE-79)
CVE-2025-25102 (shared CWE-79)
CVE-2025-26918 (shared CWE-79)
CVE-2025-67923 (shared CWE-79)
CVE-2026-27655 (shared CWE-79)
CVE-2026-30919 (shared CWE-79)
CVE-2025-23883 (shared CWE-79)
CVE-2026-41904 (shared CWE-79)

Affected Assets

Vendor: agilelogix
Product: post timeline
Versions: ≤ 2.3.10

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-15 requires filtering of output to block malicious scripts from being reflected unsanitized in web pages, directly preventing exploitation of this reflected XSS vulnerability.

Prevent: SI-10 enforces validation of untrusted inputs to reject malicious payloads before processing and output, addressing the plugin's failure to sanitize parameters.

Prevent: SI-2 mandates timely flaw remediation, such as updating the Post Timeline plugin to version 2.3.10, which patches the sanitization and escaping deficiency.
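As an added illustration of the defect class described in the deeper analysis above and of the SI-10 (input validation) and SI-15 (output filtering) controls that address it, the reflected-echo pattern is shown beside its validated and escaped form. This is constructed example code, not the Post Timeline plugin's own source; the parameter name `tl_filter` and the markup are placeholders, and the plain-PHP escaping stands in for the WordPress helpers named in the comments.

```php
<?php
// Constructed example: NOT the Post Timeline plugin's code. The parameter
// name "tl_filter" and the markup are placeholders chosen for illustration.

// Vulnerable pattern (CWE-79): the raw query parameter is written straight
// into the page, so any HTML or script the request carries is rendered.
function render_filter_vulnerable(array $query): string {
    $filter = $query['tl_filter'] ?? '';
    return '<div class="timeline" data-filter="' . $filter . '">'
         . 'Showing: ' . $filter . '</div>';
}

// SI-10 (input validation): accept only the values the feature actually
// needs. Here a filter is a short slug; anything else falls back to a default.
// In a WordPress plugin: sanitize_text_field( wp_unslash( $_GET['tl_filter'] ) ),
// or sanitize_key() for slug-like values.
function validate_filter(string $raw): string {
    $raw = trim($raw);
    if ($raw === '' || strlen($raw) > 64 || !preg_match('/^[a-z0-9_-]+$/i', $raw)) {
        return 'all';
    }
    return $raw;
}

// SI-15 (output filtering): escape for the output context at the point of
// output, even after validation, so the defence does not rest on the
// validator alone. In a WordPress plugin: esc_attr() for attribute values,
// esc_html() for text nodes.
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_filter_hardened(array $query): string {
    $filter = validate_filter((string) ($query['tl_filter'] ?? ''));
    return '<div class="timeline" data-filter="' . esc($filter) . '">'
         . 'Showing: ' . esc($filter) . '</div>';
}

// Demonstration with constructed requests.
$hostile = ['tl_filter' => '"><script>alert(1)</script>']; // markup in the parameter
$benign  = ['tl_filter' => 'projects'];                     // a legitimate slug

echo render_filter_vulnerable($hostile), PHP_EOL; // markup reaches the page verbatim
echo render_filter_hardened($hostile), PHP_EOL;   // rejected by validation, renders "all"
echo render_filter_hardened($benign), PHP_EOL;    // "projects", escaped for both contexts
```

Running the file shows the vulnerable output closing the attribute and emitting the script tag, while both hardened outputs contain only inert text.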
