VYPR

Simple History

by WordPress

Source repositories

CVEs (4)

  • CVE-2026-7459HigMay 30, 2026
    risk 0.42cvss 7.5epss 0.01

    The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints (react_to_event() / unreact_to_event()). The endpoints…

  • CVE-2026-39473MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Pär Thernström Simple History simple-history allows Retrieve Embedded Sensitive Data.This issue affects Simple History: from n/a through <= 5.24.0.

  • CVE-2022-45350MedNov 7, 2023
    risk 0.31cvss 5.8epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

  • CVE-2025-5760MedJun 6, 2025
    risk 0.25cvss 4.9epss 0.00

    The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the…