WordPress Plugin Vulnerabilities

Timber < 1.23.3 - Use of a Vulnerable Dependency

Description

The plugin is utilizing a vulnerable version of Twig. It has not been confirmed if the package is exploitable in the plugin.

Affects Plugins

Plugin icon
timber-library
Fixed in 1.23.3

References

CVE
CVE-2024-45411
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0add0b7c-c47a-4ff0-b750-9b1433970d85

Miscellaneous

Verified
No
WPVDB ID
5813c300-923a-44b8-b03b-e57b2bd44ce0

Timeline

Publicly Published
2025-07-24 (about 11 months ago)
Added
2025-07-24 (about 11 months ago)
Last Updated
2025-07-24 (about 11 months ago)

Other

Published
Title
Published
2024-06-06
Title
Contact Form Builder, Contact Widget <= 2.1.7 - Authentication Request Bypass
Published
2022-07-11
Title
YOP Poll < 6.4.3 - IP Spoofing
Published
2024-04-12
Title
Download Manager < 3.2.83 - Unauthenticated Password Protected File Bypass
Published
2022-04-07
Title
SiteGround Security < 1.2.6 - Authorization Weakness to Authentication Bypass via 2-FA Back-up Codes
Published
2015-03-08
Title
Download Monitor < 1.6.4 - Authenticated Directory Listing