WordPress Plugin Vulnerabilities

Simple History < 5.24.1 - Unauthenticated Information Exposure

Description

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.24.0. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
simple-history
Fixed in 5.24.1

References

CVE
CVE-2026-39473
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/fbb7624c-848f-485b-b4df-866ebf45d3a0

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
timomangcut
Verified
No
WPVDB ID
c1ffd400-6bb2-4ab6-abbe-f4441587f4b0

Timeline

Publicly Published
2026-03-22 (about 1 month ago)
Added
2026-05-05 (about 8 days ago)
Last Updated
2026-05-05 (about 8 days ago)

Other

Published
Title
Published
2026-03-02
Title
The Tribal < 1.3.5 - Unauthenticated Information Exposure
Published
2025-12-04
Title
SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure
Published
2024-09-23
Title
Happy Addons for Elementor < 3.12.3 - Authenticated (Contributor+) Sensitive Information Exposure
Published
2025-04-04
Title
1 Click WordPress Migration <= 2.2 - Unauthenticated Information Disclsoure
Published
2026-02-02
Title
Spectra Gutenberg Blocks < 2.19.18 - Unauthenticated Information Disclosure in Sensitive Data