The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
Published 2020-12-14 03:15:13
Updated 2020-12-15 23:45:39
Source MITRE
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-35234

36.58%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-35234

  • WordPress Easy WP SMTP Password Reset
    Disclosure Date: 2020-12-06
    First seen: 2020-12-19
    auxiliary/scanner/http/wp_easy_wp_smtp
    Wordpress plugin Easy WP SMTP versions <= 1.4.2 was found to not include index.html within its plugin folder. This potentially allows for directory listings. If debug mode is also enabled for the plugin, all SMTP commands are stored in a debug file. An email must hav

CVSS scores for CVE-2020-35234

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
NIST
7.5
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.9
3.6
NIST

CWE ids for CVE-2020-35234

References for CVE-2020-35234

Products affected by CVE-2020-35234

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!