Sensitive Data Exposure in Simple History Plugin for WordPress
CVE-2025-5760

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Simple History – Track, Log, And Audit WordPress Changes
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-5760?

The Simple History plugin for WordPress exposes sensitive user data due to inadequate sanitization in the append_debug_info_to_context() function. When Detective Mode is activated, it logs entire contents of user submissions, including passwords, without redaction. This flaw allows authenticated attackers or users generating login events to have their plaintext passwords stored in logs, which can be accessed by those with database read permissions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Simple History – Track, Log, and Audit WordPress Changes * <= 5.8.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://simple-history.com/support/detective-mode/

https://wordpress.org/plugins/simple-history/#developers

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 5, 2025

Credit

Blair Crawford

JSON

WordPress

What is CVE-2025-5760?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.