Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-35234
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress easy-wp-smtp plugin 1.4.4之前版本存在日志信息泄露漏洞,该漏洞源于允许接管管理员帐户,如果攻击者可以列出wp-content/plugins/easy-wp-smtp/目录,则他们可以 发现包含所有密码重置链接的日志文件(例如,############# _ debug_log.txt)。 攻击者可以请
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2020-35234
#POC DescriptionSource LinkShenlong Link
1The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35234.yamlPOC Details
2Detected WordPress Easy WP SMTP plugin debug log file exposed via directory listing, potentially revealing sensitive email contents including password reset links. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/wordpress/wp-easy-wp-smtp-log-exposure.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-35234
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2020-35234

No comments yet

Leave a comment