CVE-2026-6551 - Vulnerability Details

- Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute

Description

The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Published: 2026-04-28

Score: 6.4 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Timeline Blocks for Gutenberg plugin is vulnerable to stored Cross‑Site Scripting due to the lack of proper input sanitization and output escaping on the 'titleTag' block attribute. An attacker who can authenticate with contributor or higher privileges can inject malicious JavaScript into the attribute, which is then persisted in the database. When any user loads a page containing the injected block, the script executes in the context of the page, permitting attacks such as defacement, cookie theft, or other client‑side compromise.

Affected Systems

WordPress sites running the Timeline Blocks for Gutenberg plugin, any version up to and including 1.1.10.

Risk and Exploitability

With a CVSS score of 6.4 the vulnerability represents a moderate severity risk. No EPSS data is available, and the vulnerability is not listed in CISA’s KEV catalog, but the attack vector remains clear: an authenticated contributor or higher user can insert malicious payloads. The stored nature of the flaw means the impact is permanent until the page is regenerated or the payload removed, potentially affecting all visitors to the affected posts.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

techeshta

Timeline Blocks for Gutenberg

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.1.10

No data.

Vendor Product Confidence Versions

Techeshta

Timeline Blocks For Gutenberg

100%

Version	Status	Scheme	Platform
`[0,1.1.10]`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Timeline Blocks for Gutenberg plugin to the latest released version that addresses the 'titleTag' sanitization issue.
If an upgrade is not immediately possible, revoke Contributor role access to the block editor or remove the plugin entirely from the site to prevent exploitation.
As a temporary measure, restrict the use of Timeline Blocks by limiting block insertion to Administrators only and audit existing content for unexpected JavaScript in the 'titleTag' attribute.

Generated by OpenCVE AI on April 28, 2026 at 19:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/timeline-blocks/tags/1.1.10/src/blocks/index.php#L202
https://plugins.trac.wordpress.org/browser/timeline-blocks/tags/1.1.10/src/blocks/index.php#L343
https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L200
https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L202
https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L342
https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L343
https://www.wordfence.com/threat-intel/vulnerabilities/id/393d1b30-19f8-454d-84c0-0b539953e1fe?source=cve

History

Tue, 28 Apr 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Techeshta Techeshta timeline Blocks For Gutenberg Wordpress Wordpress wordpress
Vendors & Products		Techeshta Techeshta timeline Blocks For Gutenberg Wordpress Wordpress wordpress

Tue, 28 Apr 2026 05:30:00 +0000

Type	Values Removed	Values Added
Description		The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Title		Timeline Blocks for Gutenberg <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titleTag' Block Attribute
Weaknesses		CWE-79
References		https://plugins.trac.wordpress.org/browser/timeline-blocks/tags/1.1.10/src/blocks/index.php#L202 https://plugins.trac.wordpress.org/browser/timeline-blocks/tags/1.1.10/src/blocks/index.php#L343 https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L200 https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L202 https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L342 https://plugins.trac.wordpress.org/browser/timeline-blocks/trunk/src/blocks/index.php#L343 https://www.wordfence.com/threat-intel/vulnerabilities/id/393d1b30-19f8-454d-84c0-0b539953e1fe?source=cve
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}`

Subscriptions

Techeshta Timeline Blocks For Gutenberg

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-04-28T04:28:20.578Z

Updated: 2026-04-28T14:34:04.680Z

Reserved: 2026-04-17T21:23:28.358Z

Link: CVE-2026-6551

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2026-04-28T06:16:04.417

Modified: 2026-04-28T20:26:04.673

Link: CVE-2026-6551

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:45:07Z

Weaknesses

CWE-79

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object