cleantalk
Vulnerabilities and Security Researches

Timeline Event History, CVE-2026-1127

CVE, Research URL

CVE-2026-1127

Home page URL

Security reports for Timeline Event History

Application

Timeline Event History

Published on
Jan 24, 2026
Research Description
The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.2.
Status
vulnerable
Previous vulnerability researches
Menu Icons by ThemeIsle (CVE-2024-4635) , Jun 07, 2024
Menu Icons by ThemeIsle (CVE-2026-1755) , Apr 15, 2026
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026