id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - https://wordpress.org/plugins/easy-wp-smtp/#developers remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:*:*:* epss-score: 0.53008 tags: cve,cve2020,wordpress,wp-plugin,smtp http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/" - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/" matchers: - type: word words: - "debug" - "log" - "Index of" condition: and # Enhanced by cs on 2022/02/28