CVE-2020-35234
Description
Easy WP SMTP plugin before 1.4.4 exposes password-reset links in debug logs, allowing Administrator account takeover.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The easy-wp-smtp plugin for WordPress, versions before 1.4.4, contains an information disclosure vulnerability. The plugin's debug log file (named in the format #############_debug_log.txt) is stored in the wp-content/plugins/easy-wp-smtp/ directory. If an attacker can list the contents of that directory, they can locate and read the log file. This log file records all password-reset links sent via the WordPress password reset feature. An attacker can then trigger a password-reset request for the Administrator account and, using a link from the log, complete the reset and take over the account [1].
Exploitation
An attacker requires the ability to list the wp-content/plugins/easy-wp-smtp/ directory on the target WordPress site. This may be possible through directory listing enabled on the web server, or by using file inclusion vulnerabilities, directory traversal, or other means to enumerate files in that path. Once the attacker discovers the debug log file name, they can access it directly. The attacker then requests a password reset for the WordPress Administrator account, which generates a new reset link. By reading the debug log, the attacker obtains that link and uses it to set a new password, thereby gaining full administrator access [1].
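Detection logic for the chain described in the Vulnerability and Exploitation sections, added here as an example; it is not code from the plugin, the cited references, or this CVE record. It scans web-server access-log lines for the three observable steps (plugin directory listing served, debug-log file requested, password-reset request) and flags any client that both requests a reset and reads the log. It assumes Apache/nginx combined log format; the plugin path and the `_debug_log.txt` suffix come from the description above, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed combined-format access-log lines (not real traffic); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges. Plugin path and log-name suffix are from the CVE text.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2020:10:00:01 +0000] "GET /wp-content/plugins/easy-wp-smtp/readme.txt HTTP/1.1" 200 812',
    '203.0.113.5 - - [10/Dec/2020:10:02:10 +0000] "GET /wp-content/plugins/easy-wp-smtp/ HTTP/1.1" 200 1543',
    '203.0.113.5 - - [10/Dec/2020:10:02:31 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 302 0',
    '203.0.113.5 - - [10/Dec/2020:10:02:45 +0000] "GET /wp-content/plugins/easy-wp-smtp/5fd1a2b3c4d5e_debug_log.txt HTTP/1.1" 200 9211',
    '203.0.113.9 - - [10/Dec/2020:10:05:00 +0000] "GET /wp-content/plugins/easy-wp-smtp/x_debug_log.txt HTTP/1.1" 404 196',
]

PLUGIN_DIR = "/wp-content/plugins/easy-wp-smtp/"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return (ip, reason) if the line matches one step of the CVE-2020-35234 chain, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("url").partition("?")
    status = int(m.group("status"))
    ip = m.group("ip")
    if path == PLUGIN_DIR and status == 200:
        return ip, "plugin directory listing served"
    if path.startswith(PLUGIN_DIR) and path.endswith("_debug_log.txt"):
        # A 200 means the log left the server; a 404 still shows someone probing for it.
        return ip, ("debug log fetched" if status == 200 else "debug log probed")
    if path == "/wp-login.php" and "action=lostpassword" in query and m.group("method") == "POST":
        return ip, "password reset requested"
    return None

def analyze(lines):
    """Group matched steps per client IP and list IPs that completed the takeover chain
    (requested a reset and then successfully read the debug log)."""
    steps = defaultdict(list)
    for line in lines:
        hit = classify(line)
        if hit:
            steps[hit[0]].append(hit[1])
    chained = [ip for ip, reasons in steps.items()
               if "password reset requested" in reasons and "debug log fetched" in reasons]
    return dict(steps), chained

if __name__ == "__main__":
    per_ip, chained = analyze(SAMPLE_LOG)
    for ip, reasons in per_ip.items():
        print(ip, reasons)
    print("full chain observed from:", chained)
```

Run it against real access logs by feeding the file's lines to `analyze`; a single "debug log fetched" hit is itself enough to warrant resetting the Administrator password and rotating the log, since the file may already hold valid reset links.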
Impact
Successful exploitation results in complete takeover of the WordPress Administrator account. The attacker gains full administrative privileges over the WordPress site, including the ability to modify content, install plugins, change user roles, and potentially escalate to server-level compromise. The impact is total loss of confidentiality, integrity, and availability of the affected WordPress installation [1].
Mitigation
The vulnerability is fixed in version 1.4.4 of the easy-wp-smtp plugin, released in December 2020. Users must update to version 1.4.4 or later immediately. The plugin's current version is 2.14.0, which includes the fix. No workaround is available other than updating. This CVE was exploited in the wild in December 2020 [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <1.4.4
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- [1] blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/
- wordpress.org/plugins/easy-wp-smtp/
News mentions
No linked articles in our index yet.