ByteOS Network

simple_history

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2022-45350

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-8.8||HIGH

EPSS-0.69% / 70.90%

7 Day CHG~0.00%

Published-07 Nov, 2023 | 15:05

Updated-04 Sep, 2024 | 20:35

WordPress Simple History Plugin <= 3.3.1 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool.This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.

Vendor-simple-history Pär Thernström

Product-simple_history Simple History – user activity log, audit tool

CWE ID-CWE-1236

Improper Neutralization of Formula Elements in a CSV File

CVE-2022-4011

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-6.5||MEDIUM

EPSS-0.07% / 22.71%

7 Day CHG~0.00%

Published-16 Nov, 2022 | 00:00

Updated-14 Apr, 2025 | 15:55

Simple History Plugin Header neutralization for logs

A vulnerability was found in Simple History Plugin. It has been rated as critical. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213785 was assigned to this vulnerability.

Vendor-simple_history_project unspecified

Product-simple_history Simple History Plugin

CWE ID-CWE-707

Improper Neutralization

CWE ID-CWE-116

Improper Encoding or Escaping of Output