CVE-2026-7459
Authenticated Account Takeover in Simple History WordPress Plugin
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simple_history | simple_history | up to and including 5.26.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress, in all versions up to and including 5.26.0. It allows an authenticated user with Subscriber-level permissions to take over higher-privileged accounts, such as administrators.
This happens because the plugin's event reaction endpoints (react_to_event() / unreact_to_event()) only check whether the requester is logged in, without enforcing proper capability checks. As a result, a Subscriber can access sensitive event data, including password-reset email contents that contain reset URLs and keys.
An attacker can trigger a password reset for an administrator, then brute-force event IDs to find the password reset event containing the reset key, and use that key to complete the password reset and take over the administrator account. Exploitation requires that the administrator has enabled an experimental features option, which is not enabled by default.
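The missing capability check described above, as an added illustration that is not Simple History's own code: a WordPress REST route whose permission_callback only tests login state, beside one gated on a capability, with a handler that never echoes the stored event payload. The route, the `example-log` namespace and the `example_*` function names are hypothetical.

```php
<?php
// Added illustration, not Simple History's code. Route, namespace and
// function names (example_*) are hypothetical.

// WEAK: only tests that a session exists, so any authenticated role,
// including Subscriber, may call the endpoint and receive whatever the
// handler returns. This is the login-only pattern the advisory describes.
function example_weak_permission( WP_REST_Request $request ) {
    return is_user_logged_in();
}

// HARDENED: gate the endpoint on a capability appropriate for reading an
// audit log (manage_options here), not on login state alone.
function example_hardened_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'You are not allowed to react to log events.',
            array( 'status' => 403 )
        );
    }
    return true;
}

function example_react_to_event( WP_REST_Request $request ) {
    $event_id = (int) $request['id'];
    // ... persist the reaction for $event_id (storage omitted) ...

    // Return only the fields the client needs. Never echo the stored event
    // payload: if the log captured a password-reset email, its body carries
    // the reset URL and key, and any endpoint that returns it becomes a
    // second channel for reading that key.
    return rest_ensure_response( array(
        'event_id' => $event_id,
        'reacted'  => true,
    ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-log/v1', '/events/(?P<id>\d+)/react', array(
        'methods'             => 'POST',
        'callback'            => 'example_react_to_event',
        // Swapping in 'example_weak_permission' reproduces the weak pattern.
        'permission_callback' => 'example_hardened_permission',
    ) );
} );
```

Not storing one-time secrets such as reset keys in log entries at all removes the exposure regardless of which endpoints enforce capabilities.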
How can this vulnerability impact me?
This vulnerability can lead to a complete account takeover of administrator accounts by users with only Subscriber-level access. This means an attacker can gain full control over the WordPress site.
With administrator privileges, the attacker can modify site content, install malicious plugins or themes, steal sensitive data, disrupt site operations, or use the compromised site for further attacks.
The impact is severe as it compromises the confidentiality, integrity, and availability of the affected WordPress site.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows a Subscriber-level user to gain access to sensitive information, including password-reset email bodies containing reset URLs and keys, which can lead to administrator account takeover.
Such unauthorized access to sensitive user data and account takeover risks violating data protection requirements under regulations like GDPR and HIPAA, which mandate strict controls over personal and sensitive information.
Therefore, exploitation of this vulnerability could result in non-compliance with these standards due to inadequate access controls and potential exposure of personal data.