id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. impact: | Low: Information disclosure remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - https://wordpress.org/plugins/easy-wp-smtp/#developers classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 epss-score: 0.37453 epss-percentile: 0.9684 cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 vendor: wp-ecommerce product: easy_wp_smtp framework: wordpress tags: cve,cve2020,wordpress,wp-plugin,smtp,wp-ecommerce http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/" - "{{BaseURL}}/wp-content/plugins/wp-mail-smtp-pro/" matchers: - type: word words: - "debug" - "log" - "Index of" condition: and # digest: 4b0a004830460221008f7cbcd57f8fb01a56fb31aa4ac715eccba9bc902075720505c59a84abf4aabb022100bcd615089e43a626a35c6c5c8c54bdd477e1e5496096ff7d8d089e9e6305fb51:922c64590222798bb761d5b6d8e72950