Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35234

EPSS 81.46% · P99
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-35234

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress 日志信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress easy-wp-smtp plugin 1.4.4之前版本存在日志信息泄露漏洞,该漏洞源于允许接管管理员帐户,如果攻击者可以列出wp-content/plugins/easy-wp-smtp/目录,则他们可以 发现包含所有密码重置链接的日志文件(例如,############# _ debug_log.txt)。 攻击者可以请
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-35234

#POC DescriptionSource LinkShenlong Link
1The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35234.yamlPOC Details
2Detected WordPress Easy WP SMTP plugin debug log file exposed via directory listing, potentially revealing sensitive email contents including password reset links. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/wordpress/wp-easy-wp-smtp-log-exposure.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-35234

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-12-14 · 56 CVEs total

CVE-2020-0444Google Android Pixel 安全漏洞
CVE-2020-35457GNOME Glib 输入验证错误漏洞
CVE-2020-0457Google Android 缓冲区错误漏洞
CVE-2020-0016Google Android Pixel 信任管理问题漏洞
CVE-2020-0456Google Android 缓冲区错误漏洞
CVE-2020-0455Google Android Pixel 缓冲区错误漏洞
CVE-2020-0019Google Android Pixel 信任管理问题漏洞
CVE-2020-0458Google Android Pixel 输入验证错误漏洞
CVE-2020-0459Google Android 安全漏洞
CVE-2020-0468Google Android Pixel 安全漏洞
CVE-2020-0440Google Android 安全漏洞
CVE-2020-0464Google Android 安全漏洞
CVE-2020-0466Google Android资源管理错误漏洞
CVE-2020-0099Google Android 安全漏洞
CVE-2020-20189Ornose15 Newpk SQL注入漏洞
CVE-2020-14368Eclipse Che 跨站请求伪造漏洞
CVE-2020-20184Liftoff GateOne 输入验证错误漏洞
CVE-2020-29304WordPress 跨站脚本漏洞
CVE-2020-29303WordPress SabaiApps DirectoriesPro plugin 跨站脚本漏洞
CVE-2020-20183Zyxel P1302-T10 代码问题漏洞

Showing top 20 of 56 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-35234

No comments yet

Leave a comment