CVE-2026-7459 is an authenticated account takeover vulnerability in the Simple History WordPress plugin where a subscriber-level user can read password reset emails and escalate privileges to an administrator account.
Simple History – Track, Log, and Audit WordPress Changes plugin
wordpress
account-takeover
privilege-escalation
cve
2r
1t
1c