EUVD-2026-5609

🗓️ 06 Feb 2026 02:23:38Reported by EUVDType

The Timeline Block WordPress plugin has insecure direct object reference enabling authors to view private content via id.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-1228	6 Feb 202602:23	–	attackerkb
CNNVD	WordPress plugin Timeline Block 安全漏洞	6 Feb 202600:00	–	cnnvd
CVE	CVE-2026-1228	6 Feb 202602:23	–	cve
Cvelist	CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute	6 Feb 202602:23	–	cvelist
NVD	CVE-2026-1228	6 Feb 202603:15	–	nvd
Patchstack	WordPress Timeline Block plugin <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute vulnerability	6 Feb 202600:23	–	patchstack
Positive Technologies	PT-2026-6667	6 Feb 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-1228	7 Feb 202607:22	–	redhatcve
Vulnrichment	CVE-2026-1228 Timeline Block <= 1.3.3 - Insecure Direct Object Reference to Authenticated (Author+) Private Timeline Exposure via Shortcode Attribute	6 Feb 202602:23	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (February 2, 2026 to February 8, 2026)	12 Feb 202616:09	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "6e35788f-658c-3ffe-abab-3bb738cd6206",
        "vendor": {
          "name": "bPlugins"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5d15224e-c447-34e4-a5eb-6abc8e62e478",
        "product": {
          "name": "Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines)"
        },
        "product_version": "* ≤1.3.3"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/cecebfd0-c2af-4150-8793-299cdbeaa7b9
plugins	www.plugins.trac.wordpress.org/changeset/3446078/timeline-block-block

06 Feb 2026 19:28Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.14.3

EPSS0.00037

SSVC