{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1228", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-01-20T13:01:02.988Z", "datePublished": "2026-02-06T02:23:38.677Z", "dateUpdated": "2026-04-08T17:24:31.746Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:31.746Z"}, "affected": [{"vendor": "bplugins", "product": "Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to disclose private timeline content via the id attribute supplied to the 'timeline_block' shortcode."}], "title": "Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2af-4150-8793-299cdbeaa7b9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3446078/timeline-block-block"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto"}], "timeline": [{"time": "2026-01-20T13:17:45.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-02-05T13:39:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T19:27:56.342985Z", "id": "CVE-2026-1228", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T19:28:05.665Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1228", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T19:27:56.342985Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T19:28:01.302Z"}}], "cna": {"title": "Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute", "credits": [{"lang": "en", "type": "finder", "value": "Kazuma Matsumoto"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "bplugins", "product": "Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-20T13:17:45.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-02-05T13:39:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2af-4150-8793-299cdbeaa7b9?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3446078/timeline-block-block"}], "descriptions": [{"lang": "en", "value": "The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to disclose private timeline content via the id attribute supplied to the 'timeline_block' shortcode."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:31.746Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1228", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:24:31.746Z", "dateReserved": "2026-01-20T13:01:02.988Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-06T02:23:38.677Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.3 via the tlgb_shortcode() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to disclose private timeline content via the id attribute supplied to the 'timeline_block' shortcode."}, {"lang": "es", "value": "El plugin Timeline Block \u2013 Beautiful Timeline Builder for WordPress (Vertical &amp; Horizontal Timelines) para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 1.3.3, inclusive, a trav\u00e9s de la funci\u00f3n tlgb_shortcode() debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto permite a atacantes autenticados, con acceso de nivel Autor y superior, divulgar contenido privado de la l\u00ednea de tiempo a trav\u00e9s del atributo id suministrado al shortcode 'timeline_block'."}], "id": "CVE-2026-1228", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-06T03:15:48.077", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3446078/timeline-block-block"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2af-4150-8793-299cdbeaa7b9?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-15T17:28:51.460007+00:00", "value": {"mitigation_remediation": ["Upgrade the Timeline Block plugin to a version newer than 1.3.3 if available; this is the most definitive fix.", "Restrict the 'timeline_block' shortcode so that only Administrators can use it, preventing Author-level users from accessing private timeline content.", "If an upgrade or restriction is not feasible, deactivate the plugin or remove shortcodes that expose private timelines from public or draft pages until a trusted patch is applied."], "summary": {"action": "Apply Patch", "impact": "Insecure Direct Object Reference exposing private timeline data"}, "threat_synthesis": {"affected_systems": "WordPress sites using the Timeline Block \u2013 Beautiful Timeline Builder for WordPress plugin from bplugins. Versions up to and including 1.3.3 are affected. No specific sub\u2011versions are listed beyond the major release number.", "description_and_impact": "The Timeline Block \u2013 Beautiful Timeline Builder for WordPress plugin is vulnerable to Insecure Direct Object Reference. The missing validation on the id attribute of the 'timeline_block' shortcode allows an attacker who is logged in with Author level or higher to request private timeline content that was intended for restricted recipients. This results in unauthorized disclosure of private timeline data, a confidentiality breach.", "risk_and_exploitability": "The vulnerability has a CVSS score of 4.3 and an EPSS probability of less than 1%, indicating a moderate severity but a low likelihood of exploitation. It is not listed in the CISA KEV database. Attackers need only be authenticated with Author level or higher and can leverage the shortcode by supplying an arbitrary id value to obtain private timeline details. The weakness primarily stems from a lack of proper authorization checks (CWE\u2011639)."}}}}, "created": "2026-02-06T12:04:50.665829+00:00", "updated": "2026-04-15T17:45:10.850120+00:00", "vendors": ["bplugins", "bplugins$PRODUCT$timeline_block_\u2013_beautiful_timeline_builder_for_wordpress_(vertical_&_horizontal_timelines)", "wordpress", "wordpress$PRODUCT$wordpress"]}