
CVE-2025-5760: CWE-256 Plaintext Storage of a Password in eskapism Simple History – Track, Log, and Audit WordPress Changes

Severity: Medium
Tags: Vulnerability, CVE-2025-5760, cve, cwe-256
Published: Fri Jun 06 2025 (06/06/2025, 11:13:16 UTC)
Source: CVE Database V5
Vendor/Project: eskapism
Product: Simple History – Track, Log, and Audit WordPress Changes

Description

The Simple History plugin for WordPress is vulnerable to sensitive data exposure via Detective Mode due to improper sanitization within the append_debug_info_to_context() function in versions prior to 5.8.1. When Detective Mode is enabled, the plugin’s logger captures the entire contents of $_POST (and sometimes raw request bodies or $_GET) without redacting any password‐related keys. As a result, whenever a user submits a login form, whether via native wp_login or a third‐party login widget, their actual password is written in clear text into the logs. An authenticated attacker or any user whose actions generate a login event will have their password recorded; an administrator (or anyone with database read access) can then read those logs and retrieve every captured password.

AI-Powered Analysis

Last updated: 07/07/2025, 19:27:15 UTC

Technical Analysis

CVE-2025-5760 is a medium-severity vulnerability affecting the Simple History plugin for WordPress in versions prior to 5.8.1. The vulnerability arises from improper sanitization in the append_debug_info_to_context() function when Detective Mode is enabled. In this mode the plugin's logger captures the entire contents of the HTTP request data ($_POST, raw request bodies, or $_GET parameters) without redacting sensitive fields such as password-related keys. Consequently, whenever a user submits a login form, whether through the native WordPress login (wp_login) or a third-party login widget, their plaintext password is written directly into the plugin's audit log. These logs are stored in the WordPress database and can be read by administrators or any user with database read permissions. Any user whose actions trigger a login event, an authenticated attacker's own logins included, therefore has their password recorded in clear text, and whoever can read the logs can recover those credentials, a significant risk of credential compromise. The vulnerability requires no user interaction beyond a normal login, but it does require that Detective Mode be enabled and that the attacker have at least authenticated access or database read access to retrieve the logged passwords. The CVSS 3.1 base score is 4.9, reflecting medium severity: high confidentiality impact, limited integrity and availability impact, and privileges required to exploit. No known exploits are currently reported in the wild. The weakness is classified as CWE-256, plaintext storage of sensitive information, a common security anti-pattern that leads to credential theft and subsequent account compromise.

Potential Impact

For European organizations using WordPress with the Simple History plugin, this vulnerability poses a significant risk to user credential confidentiality. If Detective Mode is enabled, attackers with authenticated access or database read permissions can harvest plaintext passwords from logs, potentially leading to unauthorized access to user accounts, privilege escalation, and lateral movement within the network. This risk is exacerbated in environments where administrators or other users have broad database access rights. The exposure of passwords can also facilitate credential stuffing attacks against other systems if users reuse passwords. Given the widespread use of WordPress across European businesses, including government, education, and commerce sectors, the vulnerability could lead to data breaches, regulatory non-compliance (e.g., GDPR violations due to inadequate protection of personal data), reputational damage, and financial losses. The vulnerability's impact is primarily on confidentiality, with no direct effect on system integrity or availability. However, the indirect consequences of credential compromise could be severe. Organizations with strict compliance requirements and those handling sensitive or personal data are particularly at risk.

Mitigation Recommendations

European organizations should immediately verify if the Simple History plugin is installed and whether Detective Mode is enabled. The primary mitigation is to upgrade the plugin to version 5.8.1 or later, where this vulnerability has been addressed by proper sanitization and redaction of sensitive data in logs. If upgrading is not immediately feasible, organizations should disable Detective Mode to prevent logging of sensitive request data. Additionally, restrict database access strictly to necessary personnel and enforce the principle of least privilege to minimize exposure. Regularly audit logs for sensitive data leakage and implement monitoring to detect unusual access patterns to the logs or database. Organizations should also consider implementing multi-factor authentication (MFA) to reduce the impact of compromised passwords. Finally, review and update incident response plans to include steps for credential exposure scenarios and ensure timely password resets for affected users if a breach is suspected.
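The redaction step that the description and the mitigation above refer to, shown as an added PHP example beside the vulnerable pattern; this is not Simple History's own code, and the helper names, the list of sensitive key fragments and the sample form fields are assumptions made for the demonstration.

```php
<?php
// Added example, not Simple History's code: redact request data before a debug
// helper attaches it to a log context, the step the vulnerable versions lacked.

// Key fragments that mark a value as secret, matched case-insensitively as
// substrings ("pwd", "user_pass", "new_password"). Assumed list; over-redaction is safe.
const SENSITIVE_KEY_FRAGMENTS = ['pass', 'pwd', 'secret', 'token', 'credential', 'cookie'];
function is_sensitive_key(string $key): bool {
    $lower = strtolower($key);
    foreach (SENSITIVE_KEY_FRAGMENTS as $fragment) {
        if (strpos($lower, $fragment) !== false) {
            return true;
        }
    }
    return false;
}

// Recursively replace values of sensitive keys; nested arrays (form[user_pass]) are walked too.
function redact_sensitive_request_data(array $data): array {
    $redacted = [];
    foreach ($data as $key => $value) {
        if (is_sensitive_key((string) $key)) {
            $redacted[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $redacted[$key] = redact_sensitive_request_data($value);
        } else {
            $redacted[$key] = $value;
        }
    }
    return $redacted;
}

// Vulnerable pattern: the whole request body is copied into the context verbatim.
function append_debug_info_unsafe(array $context, array $post): array {
    $context['_debug_post'] = $post; // a submitted password lands in the database log
    return $context;
}

// Hardened pattern: redact first, then attach.
function append_debug_info_safe(array $context, array $post): array {
    $context['_debug_post'] = redact_sensitive_request_data($post);
    return $context;
}

// Constructed sample of what wp-login.php posts (values are made up).
$post = ['log' => 'alice', 'pwd' => 'hunter2', 'rememberme' => 'forever',
         'widget' => ['user_pass' => 'hunter2', 'redirect_to' => '/wp-admin/']];
print_r(append_debug_info_unsafe([], $post)['_debug_post']);
print_r(append_debug_info_safe([], $post)['_debug_post']);
```

Running the script prints the context twice: the unsafe variant still carries the submitted password values, the hardened variant shows every password-like field, including the nested one, replaced by the redaction marker.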


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-05T21:55:51.664Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6842df031a426642debc93b5

Added to database: 6/6/2025, 12:28:51 PM

Last enriched: 7/7/2025, 7:27:15 PM

Last updated: 8/14/2025, 8:22:42 AM

