WP-Safety

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Security & Risk Analysis

wordpress.org/plugins/timeline-widget-addon-for-elementor

Highlight your company’s history, milestones, and key events directly inside Elementor using stunning vertical and horizontal timelines.

70K active installs v1.6.23 PHP 7.2+ WP 5.0+ Updated Feb 19, 2026
elementor-timelinehistoryhorizontal-timelineroadmaptimeline
100
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 6, 2024
Plugin page Download
Safety Verdict

Is Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Safe to Use in 2026?

Generally Safe

Score 100/100

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 6, 2024Updated 1mo ago
Risk Assessment

The plugin "timeline-widget-addon-for-elementor" v1.6.23 demonstrates a generally good security posture, particularly in its handling of SQL queries and the absence of critical or high-severity taint flows. The static analysis reveals a robust implementation of prepared statements for SQL and a significant percentage of properly escaped output, suggesting developers have paid attention to common web vulnerabilities. The presence of nonce and capability checks across its entry points further bolsters its defenses, with no unprotected AJAX handlers or REST API routes identified.

However, there are minor areas for improvement. The plugin makes two external HTTP requests, which, while not inherently a vulnerability, can introduce risks if the target endpoints are compromised or if the requests are not handled securely. The vulnerability history indicates a past medium-severity Cross-site Scripting (XSS) vulnerability, which, although patched, serves as a reminder that even well-implemented plugins can have exploitable flaws. The fact that this was a recent vulnerability (February 2024) also suggests that ongoing vigilance and code review are crucial.

Overall, the plugin appears to be reasonably secure, with strong internal security mechanisms in place. The main concerns stem from potential risks associated with external dependencies and the reminder provided by its past XSS vulnerability. While the current version shows good practices, continuous security auditing and prompt patching of any future vulnerabilities remain essential for maintaining a strong security profile.

Key Concerns

  • Past medium CVE (XSS)
  • External HTTP requests (2)
Vulnerabilities
1

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-0977medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Feb 6, 2024 Patched in 1.5.4 (1d)
Code Analysis
Analyzed Mar 16, 2026

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
34
190 escaped
Nonce Checks
7
Capability Checks
13
File Operations
0
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

85% escaped224 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
twae_hide_notice (includes\migration\twae-migration-ajax.php:26)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Attack Surface

Entry Points6
Unprotected0

AJAX Handlers 6

authwp_ajax_cpfm_handle_opt_inadmin\feedback\cpfm-feedback-notice.php:13
authwp_ajax_twae_dismiss_noticeadmin\feedback-notice\twae-feedback-notice.php:19
authwp_ajax_twae_install_pluginadmin\marketing\twae-marketing-common.php:76
authwp_ajax_twae_mkt_dismiss_noticeadmin\marketing\twae-marketing-common.php:78
authwp_ajax_twae_run_migrationincludes\migration\twae-migration-ajax.php:21
authwp_ajax_twae_hide_migration_noticeincludes\migration\twae-migration-ajax.php:22
WordPress Hooks 37
actionadmin_initadmin\feedback\cpfm-feedback-notice.php:11
actionadmin_enqueue_scriptsadmin\feedback\cpfm-feedback-notice.php:12
actionadmin_footeradmin\feedback\cpfm-feedback-notice.php:15
actionadmin_enqueue_scriptsadmin\feedback\twae-admin-feedback-form.php:45
actionadmin_headadmin\feedback\twae-admin-feedback-form.php:46
actionadmin_noticesadmin\feedback-notice\twae-feedback-notice.php:17
actionadmin_enqueue_scriptsadmin\feedback-notice\twae-feedback-notice.php:18
actionadmin_noticesadmin\marketing\twae-marketing-common.php:44
actionelementor/initadmin\marketing\twae-marketing-common.php:50
actionelementor/element/loop-grid/section_query/before_section_endadmin\marketing\twae-marketing-common.php:53
actionelementor/element/form/section_form_fields/before_section_endadmin\marketing\twae-marketing-common.php:69
actionelementor/element/taxonomy-filter/section_taxonomy_filter/before_section_endadmin\marketing\twae-marketing-common.php:72
actionelementor/editor/after_enqueue_scriptsadmin\marketing\twae-marketing-common.php:234
actionelementor/editor/after_enqueue_stylesadmin\marketing\twae-marketing-common.php:235
actionadmin_menuadmin\timeline-addon-page\timeline-welcome-page.php:56
actionadmin_enqueue_scriptsadmin\timeline-addon-page\timeline-welcome-page.php:57
actionelementor/initincludes\class-twae-free-main.php:65
actionelementor/initincludes\class-twae-free-main.php:67
actionadmin_noticesincludes\class-twae-free-main.php:97
actionelementor/widgets/registerincludes\class-twae-free-main.php:146
filterwpml_elementor_widgets_to_translateincludes\class-twae-free-main.php:151
actionelementor/initincludes\class-twae.php:7
filterelementor/editor/localize_settingsincludes\class-twae.php:39
actionelementor/widgets/widgets_registeredincludes\class-twae.php:75
filtercron_schedulesincludes\cron\class-cron.php:15
actiontwae_extra_data_updateincludes\cron\class-cron.php:16
actionadmin_noticesincludes\migration\twae-migration-ajax.php:20
actionelementor/editor/after_enqueue_scriptsincludes\migration\twae-migration-ajax.php:23
actionplugins_loadedtimeline-widget-addon-for-elementor.php:73
actionplugins_loadedtimeline-widget-addon-for-elementor.php:74
actioninittimeline-widget-addon-for-elementor.php:75
actionactivated_plugintimeline-widget-addon-for-elementor.php:76
actionadmin_noticestimeline-widget-addon-for-elementor.php:96
actionadmin_inittimeline-widget-addon-for-elementor.php:122
actioncpfm_register_noticetimeline-widget-addon-for-elementor.php:125
actioncpfm_after_opt_in_twaetimeline-widget-addon-for-elementor.php:149
actionelementor/editor/after_savewidgets\twae-widget.php:22

Scheduled Events 2

twae_extra_data_update
twae_extra_data_update
Maintenance & Trust

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version7.2
Downloads1.5M

Community Trust

Rating96/100
Number of ratings243
Active installs70K
Alternatives

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Alternatives

Cool Timeline (Horizontal & Vertical Timeline)

Cool Timeline (Horizontal & Vertical Timeline)

cool-timeline

A
100

Showcase your story or company history, events, and roadmap in an interactive timeline using the powerful Cool Timeline plugin.

20K 1 CVE
Timeline Module for Divi

Timeline Module for Divi

timeline-module-for-divi

A
100

Highlight your company's history, milestones, and future plans with the advanced Timeline Module for Divi.

2K No CVEs
Bold Timeline Lite

Bold Timeline Lite

bold-timeline-lite

A
95

Bold Timeline Lite – WordPress Timeline Plugin

10K 5 CVEs
Timeline Block For Gutenberg

Timeline Block For Gutenberg

timeline-block

A
100

Showcase your company history, process steps, milestones, and roadmap inside Gutenberg using the powerful Timeline Block

9K No CVEs
Timeline – Vertical and Horizontal Timeline Layouts

Timeline – Vertical and Horizontal Timeline Layouts

b-timeline

A
100

Create stunning vertical or horizontal timelines to showcase stories, events, milestones, and memories on any WordPress site — no coding needed.

2K No CVEs
Developer Profile

Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) Developer Profile

CoolHappy

12 plugins · 210K total installs

78
trust score
Avg Security Score
99/100
Avg Patch Time
203 days
View full developer profile
Detection Fingerprints

How We Detect Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/timeline-widget-addon-for-elementor/assets/css/timeline-widget-style.css/wp-content/plugins/timeline-widget-addon-for-elementor/assets/js/timeline-widget-script.js
Script Paths
/wp-content/plugins/timeline-widget-addon-for-elementor/assets/js/timeline-widget-script.js
Version Parameters
/wp-content/plugins/timeline-widget-addon-for-elementor/assets/css/timeline-widget-style.css?ver=/wp-content/plugins/timeline-widget-addon-for-elementor/assets/js/timeline-widget-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
twae-timeline-containertwae-timeline-itemtwae-timeline-contenttwae-timeline-datetwae-timeline-icontwae-timeline-titletwae-timeline-descriptiontwae-timeline-image+2 more
HTML Comments
<!-- Elementor Timeline Widget Addon by Cool Plugins -->
Data Attributes
data-twae-iddata-twae-settings
JS Globals
twae_widget_settings
FAQ

Frequently Asked Questions about Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline)