id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - https://wordpress.org/plugins/easy-wp-smtp/#developers classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 epss-score: 0.38965 epss-percentile: 0.96803 cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: wp-ecommerce product: easy_wp_smtp framework: wordpress tags: cve,cve2020,wordpress,wp-plugin,smtp http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/" - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/" matchers: - type: word words: - "debug" - "log" - "Index of" condition: and # digest: 4a0a00473045022022e07d19d30a81334ebe11a023691a8b334c44b14145c95d7c433579a0a8582b022100bd24df0b1c15ebc902779ca4b77ef09e2301084f2ff02156d4a8b82d8f541971:922c64590222798bb761d5b6d8e72950