Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:14EADE63-E365-4BFC-A30E-9E2A7E739049
HistoryDec 07, 2020 - 12:00 a.m.

Easy WP SMTP < 1.4.3 - Debug Log Disclosure

2020-12-0700:00:00
wpscan.com
14
JSON

The plugin has an optional debug log file generated with a random name, located in the plugin folder and which contains all email messages sent. However, this folder does not have any index page, allowing access to log file on servers with the directory listing enabled or misconfigured. This could allow attackers to gain unauthorised access to the blog by reseting the admin password by getting the reset link from the log.

CPENameOperatorVersion
easy-wp-smtplt1.4.3

Related

attackerkb 1
cve 1
prion 1
openvas 1
nuclei 1
rapid7blog 1
attackerkb
attackerkb
CVE-2020-35234
2020-12-14 00:00:00
cve
cve
CVE-2020-35234
2020-12-14 03:15:00
prion
prion
Default credentials
2020-12-14 03:15:00
openvas
openvas
WordPress Easy WP SMTP Plugin < 1.4.4 Information Disclosure Vulnerability
2020-12-18 00:00:00
nuclei
nuclei
SMTP WP Plugin Directory Listing
2020-12-13 20:05:21
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-01-08 19:54:36
JSON
Related for WPVDB-ID:14EADE63-E365-4BFC-A30E-9E2A7E739049
attackerkb1cve1prion1openvas1nuclei1rapid7blog1