CVE-2026-1127 is a reflected Cross-Site Scripting (XSS) vulnerability identified in the Timeline Event History plugin for WordPress, developed by wpdiscover. This vulnerability affects all versions up to and including 3.2. The root cause is insufficient input sanitization and output escaping of the 'id' parameter in HTTP requests. When an attacker crafts a malicious URL containing a specially designed 'id' parameter and convinces a user to click it, the injected script executes within the context of the victim's browser session. This can lead to theft of session cookies, defacement, or redirection to malicious sites, compromising confidentiality and integrity of user data. The vulnerability does not require authentication but does require user interaction (clicking a link). The CVSS v3.1 score is 6.1, reflecting medium severity with network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed due to potential impact beyond the vulnerable component. No public exploits have been reported yet, but the vulnerability is publicly disclosed and should be treated seriously. The plugin is widely used in WordPress environments to track event histories, making it a relevant target for attackers aiming to compromise websites or their visitors.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on WordPress sites with the Timeline Event History plugin enabled. Successful exploitation can lead to session hijacking, unauthorized actions performed on behalf of users, and exposure of sensitive information. This can damage organizational reputation, lead to data breaches, and potentially violate GDPR requirements concerning personal data protection. Public-facing websites, particularly those providing event or timeline information, are at higher risk. The vulnerability could also be leveraged as an initial vector for more complex attacks, including phishing or malware distribution. Although the vulnerability does not affect availability directly, the indirect consequences such as loss of customer trust and regulatory penalties can be severe. Organizations with high web traffic and user engagement are more exposed to exploitation attempts.

Immediate mitigation should focus on removing or disabling the Timeline Event History plugin until a vendor patch is released. Organizations should monitor wpdiscover announcements and apply updates promptly once available. In the interim, implement strict input validation and output encoding on the 'id' parameter at the web application firewall (WAF) or reverse proxy level to block malicious payloads. Deploy Content Security Policy (CSP) headers to restrict script execution sources, reducing the impact of injected scripts. Educate users and administrators about the risks of clicking untrusted links. Conduct regular security audits of WordPress plugins and maintain an inventory to quickly identify vulnerable components. Consider using security plugins that provide XSS protection and monitor for suspicious activity. Finally, ensure that incident response plans include procedures for handling XSS incidents and potential data breaches.