Vulnerabilities and security researches forsimple-history simple-history

Jun 07, 2024

CVE, Research URL: 37ff141b617ca9babd944b4d91113a645863bf3f
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: May 15, 2015
Research Description: Simple History – Track, Log, and Audit WordPress Changes [simple-history] < 1.0.8 WordPress Simple History Plugin <= 1.0.7 - Information Disclosure This plugin is prone to RSS Feed "rss_secret" disclosure weakness vulnerability. Update the plugin.
Affected versions: max 1.0.8.
Status: vulnerable

CVE, Research URL: CVE-2022-45350
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: Nov 07, 2023
Research Description: Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.
Affected versions: max 3.4.0.
Status: vulnerable

Jul 24, 2024

PSC, Research URL: PSC-2024-35896
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: Aug 05, 2025
Research Description: In the dynamic environment of WordPress, keeping track of changes made to your website is essential for maintaining security and accountability. The "Simple History" plugin, now at version 4.10.0, offers a comprehensive solution by providing a detailed log of recent activities directly on your dashboard or a separate page. In this article, we delve into the significance of this plugin, highlighting its security features and its recognition through the "Plugin Security Certification" (PSC) from CleanTalk.
Affected versions: Min 3.3.2, max 4.1.16.
Status: SAFE & CERTIFIED

Jun 14, 2025

CVE, Research URL: CVE-2025-5760
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: Jun 06, 2025
Research Description: The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
Affected versions: max 5.8.2.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-39473
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: Apr 08, 2026
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.
Affected versions: max 5.24.1.
Status: vulnerable

May 30, 2026

CVE, Research URL: CVE-2026-7459
Home page URL: Security reports for Simple History – user activity log, audit tool
Application: Simple History – user activity log, audit tool
Date: -
Research Description: Simple History – Track, Log, and Audit WordPress Changes [simple-history] < 5.27.0 CVE-2026-7459
Affected versions: max 5.27.0.
Status: vulnerable