{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5760", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-05T21:55:51.664Z", "datePublished": "2025-06-06T11:13:16.129Z", "dateUpdated": "2026-04-08T17:17:22.668Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:22.668Z"}, "affected": [{"vendor": "eskapism", "product": "Simple History \u2013 Track, Log, and Audit WordPress Changes", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.8.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin\u2019s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password\u2010related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third\u2010party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password."}], "title": "Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6364415-da02-4236-b635-d8fbd27faa33?source=cve"}, {"url": "https://simple-history.com/support/detective-mode/"}, {"url": "https://wordpress.org/plugins/simple-history/#developers"}, {"url": "https://github.com/bonny/WordPress-Simple-History/issues/546"}, {"url": "https://github.com/bonny/WordPress-Simple-History/commit/68eab0cab6882eafef4bfece884093eeda5ac018"}, {"url": "https://wordpress.org/support/topic/security-vulnerability-passwords-stored-as-plain-text-in-logs/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3267487/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-256 Plaintext Storage of a Password", "cweId": "CWE-256", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Blair Crawford"}], "timeline": [{"time": "2025-06-05T21:58:10.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-06T15:41:55.248316Z", "id": "CVE-2025-5760", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T16:08:09.477Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5760", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-06T15:41:55.248316Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-06T15:41:56.770Z"}}], "cna": {"title": "Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode", "credits": [{"lang": "en", "type": "finder", "value": "Blair Crawford"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "eskapism", "product": "Simple History \u2013 Track, Log, and Audit WordPress Changes", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.8.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-05T21:58:10.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6364415-da02-4236-b635-d8fbd27faa33?source=cve"}, {"url": "https://simple-history.com/support/detective-mode/"}, {"url": "https://wordpress.org/plugins/simple-history/#developers"}, {"url": "https://github.com/bonny/WordPress-Simple-History/issues/546"}, {"url": "https://github.com/bonny/WordPress-Simple-History/commit/68eab0cab6882eafef4bfece884093eeda5ac018"}, {"url": "https://wordpress.org/support/topic/security-vulnerability-passwords-stored-as-plain-text-in-logs/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3267487/"}], "descriptions": [{"lang": "en", "value": "The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin\u2019s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password\u2010related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third\u2010party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-256", "description": "CWE-256 Plaintext Storage of a Password"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:17:22.668Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5760", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:17:22.668Z", "dateReserved": "2025-06-05T21:55:51.664Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-06T11:13:16.129Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin\u2019s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password\u2010related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third\u2010party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password."}, {"lang": "es", "value": "El complemento Simple History para WordPress es vulnerable a la exposici\u00f3n de datos confidenciales mediante el Modo Detective debido a una depuraci\u00f3n incorrecta de la funci\u00f3n append_debug_info_to_context() en versiones anteriores a la 5.8.1. Cuando el Modo Detective est\u00e1 habilitado, el registrador del complemento captura todo el contenido de $_POST (y, en ocasiones, los cuerpos de las solicitudes sin procesar o $_GET) sin ocultar ninguna clave relacionada con la contrase\u00f1a. Como resultado, cada vez que un usuario env\u00eda un formulario de inicio de sesi\u00f3n, ya sea mediante wp_login nativo o un widget de inicio de sesi\u00f3n de terceros, su contrase\u00f1a real se escribe en texto plano en los registros. Un atacante autenticado o cualquier usuario cuyas acciones generen un evento de inicio de sesi\u00f3n registrar\u00e1 su contrase\u00f1a; un administrador (o cualquier persona con acceso de lectura a la base de datos) puede entonces leer esos registros y recuperar todas las contrase\u00f1as capturadas."}], "id": "CVE-2025-5760", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-06T12:15:25.333", "references": [{"source": "security@wordfence.com", "url": "https://github.com/bonny/WordPress-Simple-History/commit/68eab0cab6882eafef4bfece884093eeda5ac018"}, {"source": "security@wordfence.com", "url": "https://github.com/bonny/WordPress-Simple-History/issues/546"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3267487/"}, {"source": "security@wordfence.com", "url": "https://simple-history.com/support/detective-mode/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/simple-history/#developers"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/support/topic/security-vulnerability-passwords-stored-as-plain-text-in-logs/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6364415-da02-4236-b635-d8fbd27faa33?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-256"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:29:55.035140+00:00", "value": {"mitigation_remediation": ["Upgrade Simple History to version 5.8.1 or newer.", "Disable Detective Mode in the plugin settings to stop logging sensitive request data.", "Clear or redact existing audit logs that may contain plaintext passwords, then restrict database access to trusted administrators only."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "WordPress installations that use the eskapism:Simple History plugin in any version up to and including 5.8.1 are vulnerable. Site administrators should verify the current plugin version; any release before 5.8.1 is affected and requires remediation.", "description_and_impact": "The Simple History plugin for WordPress has a flaw where enabled Detective Mode causes the logger to write the entire contents of $_POST, and sometimes raw request bodies or $_GET, to audit logs without removing password-related keys. This means that whenever a user submits a login form\u2014whether through the native wp_login routine or a third\u2011party authentication widget\u2014their actual password is recorded in plain text. An authenticated user with sufficient privileges, such as an administrator or anyone with database read rights, can then read those logs and retrieve all captured passwords. The weakness stems from improper input sanitization (CWE\u2011256), leading to data leakage rather than code execution or denial of service.", "risk_and_exploitability": "With a CVSS score of 4.9 and an EPSS value of less than 1%, the likelihood of exploitation is low but not negligible. The vulnerability is listed as not being in the CISA KEV catalog, suggesting no widespread exploitation has been reported to date. An attacker needs only to be authenticated with sufficient privileges to access the audit logs; the attack vector is local data access rather than remote exploitation. The potential impact is the exposure of users\u2019 plaintext passwords, which could enable credential stuffing or account compromise elsewhere."}}}}, "created": "2026-04-20T20:30:16.075255+00:00", "updated": "2026-04-20T20:30:16.075265+00:00", "vendors": []}