CVE-2025-5760
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-06
Assigner: Wordfence
| CWE ID | Description |
|---|---|
| CWE-256 | The product stores a password in plaintext within resources such as memory or files. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5760 is a vulnerability in the Simple History WordPress plugin where, when Detective Mode is enabled, the plugin logs the entire contents of HTTP request data ($_POST, sometimes raw request bodies or $_GET) without properly masking password-related fields. This means that whenever a user submits a login form, their actual password is recorded in clear text within the logs. Any authenticated user triggering a login event or an attacker with access to the logs (such as an administrator or anyone with database read access) can retrieve these plaintext passwords, exposing sensitive user credentials. [1, 2, 4]
How can this vulnerability impact me?
This vulnerability can lead to sensitive data exposure, specifically user passwords being stored in plaintext within plugin logs. If an attacker or unauthorized user gains access to these logs, they can retrieve user passwords, potentially compromising user accounts and site security. This risk extends to any login event, including those from native WordPress login or third-party login widgets. The exposure of passwords in logs increases the likelihood of credential theft, unauthorized access, and further exploitation of the affected WordPress site. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
Storing passwords in plaintext within logs violates security best practices and compliance requirements of standards such as GDPR, HIPAA, NIST SP 800-63, and ISO 27001. These regulations mandate the protection of sensitive personal data and credentials to prevent unauthorized access and data breaches. The vulnerability exposes users to significant risk if logs are accessed by unauthorized parties, thereby undermining compliance with these standards. Proper masking or encryption of sensitive data in logs is required to maintain compliance and protect user privacy. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by examining the logs generated by the Simple History plugin when Detective Mode is enabled. Specifically, you should look for log entries that contain plaintext passwords in fields such as detective_mode_post_raw, detective_mode_get, or other debug fields capturing HTTP request data. Searching the WordPress database logs or exported log files for keywords like 'password', 'pass', or 'pwd' in the context of login events can help identify if sensitive data is being exposed. Since the plugin supports WP-CLI commands, you can use WP-CLI to export or view logs for analysis. For example, you might run WP-CLI commands to query or export logs and then grep for password-related fields. However, no exact commands are provided in the resources. [2, 3, 4]
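The log check described above can be scripted. The following is an added example, not code from the plugin or from the referenced resources. It assumes the Detective Mode context data has already been exported as (entry id, context key, context value) rows, and that each value is either a JSON object or a URL-encoded string; the sample rows are constructed. It reports only where an unmasked password-like field sits, never the value itself.

```python
import json
from urllib.parse import parse_qsl

MASK = "<removed by Simple History>"            # mask string used by the fixed version
DEBUG_PREFIX = "detective_mode_"                # e.g. detective_mode_post_raw, detective_mode_get
SENSITIVE_PREFIXES = ("pwd", "pass", "user_password")  # field prefixes named on this page

def parse_fields(value):
    """Return (name, value) pairs from a JSON object or a URL-encoded string.
    Both encodings are assumptions about how the export stores request data."""
    try:
        data = json.loads(value)
        if isinstance(data, dict):
            return [(str(k), "" if v is None else str(v)) for k, v in data.items()]
    except ValueError:
        pass  # not JSON: fall through and treat it as form data
    return parse_qsl(value, keep_blank_values=True)

def find_exposed(rows):
    """rows: iterable of (entry_id, context_key, context_value) strings.
    Returns sorted (entry_id, context_key, field_name) for every password-like
    field that holds a non-empty value other than the mask."""
    findings = set()
    for entry_id, key, value in rows:
        if not key.startswith(DEBUG_PREFIX):
            continue
        for name, val in parse_fields(value):
            if name.lower().startswith(SENSITIVE_PREFIXES) and val and val != MASK:
                findings.add((entry_id, key, name))
    return sorted(findings)

# Constructed sample export: one raw POST body, one masked entry, one unmasked JSON entry.
SAMPLE_ROWS = [
    (101, "detective_mode_post_raw", "log=alice&pwd=constructed-secret&wp-submit=Log+In"),
    (101, "detective_mode_get", '{"redirect_to": "/wp-admin/"}'),
    (102, "detective_mode_post", '{"log": "bob", "pwd": "<removed by Simple History>"}'),
    (103, "message", "pwd=not-a-debug-field"),
    (104, "detective_mode_post", '{"log": "carol", "user_password": "constructed-secret-2"}'),
]

if __name__ == "__main__":
    for entry_id, key, field in find_exposed(SAMPLE_ROWS):
        print(f"entry {entry_id}: unmasked '{field}' in {key}")
```

Any entry it reports means the account that logged in at that time should have its password rotated, and the log entry itself should be purged.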
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should update the Simple History plugin to version 5.8.2 or later, where the issue is fixed by masking sensitive password-related fields in Detective Mode logs. This update masks fields starting with strings like 'pwd', 'pass', 'user_password', etc., replacing their values with '<removed by Simple History>', and removes raw POST data from logs to prevent exposure of plaintext passwords. Additionally, if Detective Mode is not essential, consider disabling it temporarily to reduce sensitive data logging. Ensure that only trusted administrators have access to the logs and database to minimize risk. Applying the official patch or update from the plugin author is the recommended action. [1, 5, 6]