CVE-2026-7459

🗓️ 30 May 2026 09:29:00Reported by WordfenceType

cve🔗 web.nvd.nist.gov👁 30 Views🌐 WEB

Authenticated subscribers can takeover admin via event reaction endpoints in Simple History <=5.26.0.

Reporter	Title	Published	Views	Family All 11
GithubExploit	Exploit for CVE-2026-7459	17 Jun 202609:54	–	githubexploit
ATTACKERKB	CVE-2026-7459	30 May 202609:29	–	attackerkb
Circl	CVE-2026-7459	30 May 202610:30	–	circl
CNNVD	WordPress plugin Simple History 授权问题漏洞	30 May 202600:00	–	cnnvd
Cvelist	CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint	30 May 202609:29	–	cvelist
EUVD	EUVD-2026-33455	30 May 202609:29	–	euvd
NVD	CVE-2026-7459	30 May 202610:16	–	nvd
Patchstack	WordPress Simple History – Track, Log, and Audit WordPress Changes plugin <= 5.26.0 - Authenticated (Subscriber+) Account Takeover vulnerability	2 Jun 202608:07	–	patchstack
Positive Technologies	PT-2026-45088	30 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-7459	1 Jun 202616:03	–	redhatcve

Vulners

Node

eskapism simple_history_track,_log,_and_audit_wordpress_changesRange≤5.26.0wordpress

[
  {
    "vendor": "eskapism",
    "product": "Simple History – Track, Log, and Audit WordPress Changes",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "5.26.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/simple-history/tags/5.26.0/inc/class-event.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/trunk/inc/class-event.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/tags/5.26.0/inc/class-wp-rest-events-controller.php
plugins	www.plugins.trac.wordpress.org/changeset/3524112/simple-history/trunk/inc/class-wp-rest-events-controller.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/95d2bf1a-0993-4553-a00e-6f555c3f15be
plugins	www.plugins.trac.wordpress.org/browser/simple-history/trunk/inc/class-wp-rest-events-controller.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/tags/5.26.0/inc/class-wp-rest-events-controller.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/tags/5.26.0/inc/class-wp-rest-events-controller.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/tags/5.26.0/inc/class-wp-rest-events-controller.php
plugins	www.plugins.trac.wordpress.org/browser/simple-history/trunk/inc/class-wp-rest-events-controller.php

Parameter	Position	Path	Description	CWE
_fields=context	query param	wp-json/simple-history/v1/events/<id>/react	Authenticated attacker can access full event context via react endpoint to read sensitive data (e.g., password-reset details) due to insufficient per-logger capability checks.	CWE-640
_fields=context	query param	wp-json/simple-history/v1/events/<id>/unreact	Authenticated attacker can access full event context via unreact endpoint to read sensitive data (e.g., password-reset details) due to insufficient per-logger capability checks.	CWE-640

17 Jun 2026 11:02Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.00349

SSVC

CWE-640