PT-2026-6667 · WordPress · Timeline Block – Beautiful Timeline Builder For Wordpress

Kazuma Matsumoto

Published

2026-02-06

Updated

2026-02-06

CVE-2026-1228

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Timeline Block – Beautiful Timeline Builder for WordPress versions up to and including 1.3.3

Description The software is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the tlgb shortcode() function. Authenticated attackers with Author-level access or higher can potentially disclose private timeline content by manipulating the id attribute within the 'timeline block' shortcode.

Recommendations Update The Timeline Block – Beautiful Timeline Builder for WordPress to a version later than 1.3.3.

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2026-1228

Affected Products

Timeline Block – Beautiful Timeline Builder For Wordpress

CVE-2026-1228

Weakness Enumeration

Related Identifiers

Affected Products

References · 7