2 vulnerabilities by eskapism
CVE-2025-10050 (GCVE-0-2025-10050)
Vulnerability from cvelistv5 – Published: 2025-09-17 01:49 – Updated: 2025-09-17 13:10
Title
Developer Loggers for Simple History <= 0.5 - Authenticated (Admin+) Local File Inclusion
Summary
The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Severity
6.6 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| eskapism | Developer Loggers for Simple History | Affected: *, ≤ 0.5 (semver) |
Credits
Jonas Benjamin Friedli
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-17T13:10:22.333533Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T13:10:31.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Developer Loggers for Simple History",
"vendor": "eskapism",
"versions": [
{
"lessThanOrEqual": "0.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Developer Loggers for Simple History plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.5 via the enabled_loggers parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T01:49:16.544Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ea3a9e-2a9a-4628-8ea1-e18e756f915f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3361543%40developer-loggers-for-simple-history\u0026new=3361543%40developer-loggers-for-simple-history\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-16T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Developer Loggers for Simple History \u003c= 0.5 - Authenticated (Admin+) Local File Inclusion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10050",
"datePublished": "2025-09-17T01:49:16.544Z",
"dateReserved": "2025-09-05T18:55:18.588Z",
"dateUpdated": "2025-09-17T13:10:31.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5760 (GCVE-0-2025-5760)
Vulnerability from cvelistv5 – Published: 2025-06-06 11:13 – Updated: 2025-06-06 16:08
Title
Simple History <= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode
Summary
The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.
Severity
4.9 (Medium)
CWE
- CWE-256 - Plaintext Storage of a Password
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| eskapism | Simple History – Track, Log, and Audit WordPress Changes | Affected: *, ≤ 5.8.1 (semver) |
Credits
Blair Crawford
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-06T15:41:55.248316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T16:08:09.477Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Simple History \u2013 Track, Log, and Audit WordPress Changes",
"vendor": "eskapism",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Blair Crawford"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin\u2019s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password\u2010related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third\u2010party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-256",
"description": "CWE-256 Plaintext Storage of a Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T11:13:16.129Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b6364415-da02-4236-b635-d8fbd27faa33?source=cve"
},
{
"url": "https://simple-history.com/support/detective-mode/"
},
{
"url": "https://wordpress.org/plugins/simple-history/#developers"
},
{
"url": "https://github.com/bonny/WordPress-Simple-History/issues/546"
},
{
"url": "https://github.com/bonny/WordPress-Simple-History/commit/68eab0cab6882eafef4bfece884093eeda5ac018"
},
{
"url": "https://wordpress.org/support/topic/security-vulnerability-passwords-stored-as-plain-text-in-logs/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3267487/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-05T21:58:10.000+00:00",
"value": "Disclosed"
}
],
"title": "Simple History \u003c= 5.8.1 - Authenticated (Administrator+) Sensitive Information Exposure via Detective Mode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-5760",
"datePublished": "2025-06-06T11:13:16.129Z",
"dateReserved": "2025-06-05T21:55:51.664Z",
"dateUpdated": "2025-06-06T16:08:09.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}