Vulnerabilities and security researches fortimeline-block-block timeline-block-block

Feb 18, 2025

CVE, Research URL: CVE-2025-26754
Home page URL: Security reports for Timeline Block
Application: Timeline Block
Date: Feb 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Timeline Block allows Stored XSS. This issue affects Timeline Block: from n/a through 1.1.1.
Affected versions: max 1.1.3.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-1228
Home page URL: Security reports for Timeline Block
Application: Timeline Block
Date: Feb 06, 2026
Research Description: The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to disclose private timeline content via the id attribute supplied to the 'timeline_block' shortcode.
Affected versions: max 1.3.4.
Status: vulnerable