Simple History
cpe:2.3:a:simple-history:simple_history:*:*:*:*:wordpress:*:*
Affected versions: <= 5.8.1
A vulnerability in the Simple History WordPress plugin, in versions through 5.8.1, allows for sensitive data exposure. This issue arises when Detective Mode is enabled, as the plugin improperly sanitizes data in the append_debug_info_to_context() function. The vulnerability causes the logger to capture the full contents of the $_POST data, and sometimes raw request bodies or $_GET data, without redacting password-related information. Consequently, when users submit login forms—either through the standard WordPress login or third-party widgets like Ultimate Member—their passwords are logged in plain text. This issue can be exploited by authenticated users who trigger a login event, with the potential for password retrieval by administrators or users with database read access.
Exploitation of this vulnerability leads to the logging of passwords in plain text, violating security standards and creating a risk of password theft.
To reproduce this vulnerability, enable Detective Mode in the Simple History plugin. Then, submit a login form using either the standard WordPress login or a third-party login widget, such as Ultimate Member. After logging in, check the Simple History logs. The raw post data will include the password in clear text, demonstrating the vulnerability.
Users can update to Simple History version 5.8.2 or later, where this vulnerability has been patched.
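The kind of redaction the description says was missing, as an added example: this is not Simple History's code or its 5.8.2 patch. The function names, the key pattern and the sample field names are assumptions made for illustration. Request data is copied with password-like fields masked before it reaches a log context, and raw bodies are logged only when they can be parsed and masked.

```php
<?php
// Added example: hypothetical helpers, not Simple History's code or its 5.8.2 patch.
const REDACTED = '[redacted]';

/** True when a field name looks like it carries a secret (illustrative pattern). */
function is_sensitive_key(string $key): bool
{
    return (bool) preg_match('/pass|pwd|secret|token|api[_-]?key/i', $key);
}

/** Recursively copy request data, masking values stored under sensitive keys. */
function redact_request_data(array $data): array
{
    $clean = [];
    foreach ($data as $key => $value) {
        if (is_sensitive_key((string) $key)) {
            $clean[$key] = REDACTED;
        } elseif (is_array($value)) {
            $clean[$key] = redact_request_data($value);
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

/** Raw bodies are logged only after parsing; unknown formats are dropped whole. */
function redact_raw_body(string $body, string $contentType): string
{
    if (stripos($contentType, 'application/json') === 0) {
        $json = json_decode($body, true);
        if (is_array($json)) {
            return json_encode(redact_request_data($json));
        }
    } elseif (stripos($contentType, 'application/x-www-form-urlencoded') === 0) {
        parse_str($body, $form);
        return http_build_query(redact_request_data($form));
    }
    return '[body omitted]';
}

// Constructed sample: core login fields plus an assumed widget-style field name.
$post = ['log' => 'alice', 'pwd' => 'hunter2', 'user_password-123' => 'hunter2',
         'meta' => ['confirm_pass' => 'hunter2', 'remember' => '1']];

echo json_encode(redact_request_data($post)), PHP_EOL;
echo redact_raw_body('log=alice&pwd=hunter2', 'application/x-www-form-urlencoded'), PHP_EOL;
echo redact_raw_body('<pwd>hunter2</pwd>', 'text/xml'), PHP_EOL;
```

The key pattern deliberately over-matches, so a harmless field whose name contains "pass" is masked too; for a debug log that is the safer failure direction.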