What is CVE-2020-35234?

CVE-2020-35234 is a vulnerability in N/a. Published 2020-12-14.

Is CVE-2020-35234 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35234

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file…

EPSS: 0.822 (99.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ (x_refsource_MISC)
wordpress.org/plugins/easy-wp-smtp/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-35234?: CVE-2020-35234 is a vulnerability in N/a. Published 2020-12-14.
Is CVE-2020-35234 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.