Lucene search
K

4 matches found

CVE
CVE
added 2026/05/30 9:29 a.m.40 views

CVE-2026-7459

The CVE concerns the Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress (

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/05/30 9:29 a.m.9 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References12
Cvelist
Cvelist
added 2026/05/30 9:29 a.m.50 views

CVE-2026-7459 Simple History – Track, Log, and Audit WordPress Changes <= 5.26.0 - Authenticated (Subscriber+) Account Takeover via Missing Authorization on Event Reaction Endpoint

The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated Subscriber+ account takeover in all versions up to, and including, 5.26.0 via the event reaction endpoints reacttoevent / unreacttoevent. The endpoints register getitemspermissionschec...

7.5CVSS0.00593EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.14 views

PT-2026-45088

Name of the Vulnerable Software and Affected Versions Simple History versions prior to 5.26.1 Description The Simple History plugin for WordPress allows authenticated users with Subscriber-level permissions or higher to take over accounts. The issue exists in the event reaction endpoints...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References18
Rows per page
Query Builder