CVE-2020-35234

HIGH EXPLOITED IN THE WILD NUCLEI

Wp-ecommerce Easy WP SMTP < 1.4.4 - Log Information Exposure

Title source: rule

Description

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.

Exploits (1)

metasploit WORKING POC

by h00die · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_easy_wp_smtp.rb

View Code ZIP pw:eip

Nuclei Templates (1)

SMTP WP Plugin Directory Listing

HIGHby PR3R00T

References (2)

[Exploit, Third Party Advisory] https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/

[Product, Release Notes, Third Party Advisory] https://wordpress.org/plugins/easy-wp-smtp/#developers

Scores

CVSS v3 7.5

EPSS 0.8146

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2020-12-13

InTheWild.io 2020-12-15

CWE

CWE-532

Status published

Products (1)

wp-ecommerce/easy_wp_smtp < 1.4.4

Published Dec 14, 2020

Tracked Since Feb 18, 2026