SMTP WP Plugin Directory Listing
ID: CVE-2020-35234
Severity: high
Author: PR3R00T
Tags: cve2020,cve,wordpress,wp-plugin,smtp,wp-ecommerce
Description
The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.
YAML Source
id: CVE-2020-35234

info:
  name: SMTP WP Plugin Directory Listing
  author: PR3R00T
  severity: high
  description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.
  impact: |
    Low: Information disclosure
  remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35234
    - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/
    - https://wordpress.org/plugins/easy-wp-smtp/#developers
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-35234
    cwe-id: CWE-532
    epss-score: 0.36584
    epss-percentile: 0.97167
    cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: wp-ecommerce
    product: easy_wp_smtp
    framework: wordpress
  tags: cve2020,cve,wordpress,wp-plugin,smtp,wp-ecommerce

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/"
      - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/"

    matchers:
      - type: word
        words:
          - "debug"
          - "log"
          - "Index of"
        condition: and
# digest: 4b0a00483046022100c4bd86a9707ec7a99fad0b9ff70eca39f9f64835d0d7dfafa4f8976f2d5e9d64022100d75ead5d83affcef0dd8123ee872f22b328e32d517de424744857db16201e437:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-35234.yaml"
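For triaging hits from this template, the following added Python example (not part of the original template or of Nuclei) applies the same three-word `and` match to constructed response bodies and shows a listing that satisfies the matcher without exposing a log file. The sample bodies, file names and the `exposed_log_files` helper are assumptions made for illustration, and the match is assumed to run case-sensitively against the response body.

```python
import re

# The three words from the template's matcher, combined with "condition: and".
WORDS = ("debug", "log", "Index of")

def template_matches(body):
    """Mirror the word matcher: every word must occur somewhere in the body."""
    return all(word in body for word in WORDS)

def exposed_log_files(body):
    """Stricter triage (hypothetical helper): listing entries named like a debug log."""
    if "Index of" not in body:
        return []
    # Keep plain file links; skip absolute paths, sort links (?C=...) and subdirectories.
    names = re.findall(r'href="([^"?/][^"/]*)"', body)
    return [n for n in names if "debug" in n.lower() and "log" in n.lower()]

# Constructed response bodies (not captured from any real site).
LISTING_WITH_LOG = """<html><head><title>Index of /wp-content/plugins/easy-wp-smtp</title></head>
<body><h1>Index of /wp-content/plugins/easy-wp-smtp</h1>
<a href="/wp-content/plugins/">Parent Directory</a>
<a href="easy-wp-smtp.php">easy-wp-smtp.php</a>
<a href="sample_debug_log.txt">sample_debug_log.txt</a>
</body></html>"""

# "log" is satisfied by "changelog" and "debug" by a PHP class file: no log is exposed.
LISTING_CHANGELOG_ONLY = """<html><head><title>Index of /wp-content/plugins/easy-wp-smtp</title></head>
<body><h1>Index of /wp-content/plugins/easy-wp-smtp</h1>
<a href="?C=N;O=D">Name</a>
<a href="css/">css/</a>
<a href="changelog.txt">changelog.txt</a>
<a href="class-debug-events.php">class-debug-events.php</a>
</body></html>"""

FORBIDDEN = """<html><head><title>403 Forbidden</title></head>
<body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p>
</body></html>"""

if __name__ == "__main__":
    samples = (("listing with log", LISTING_WITH_LOG),
               ("listing, changelog only", LISTING_CHANGELOG_ONLY),
               ("listing disabled", FORBIDDEN))
    for label, body in samples:
        print(label, template_matches(body), exposed_log_files(body))
```

A template hit with an empty `exposed_log_files` result still means directory listing is enabled on the plugin folder, so the listing itself is worth disabling even when no log file is present.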