cleantalk
Vulnerabilities and Security Researches

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin, CVE-2020-35234

CVE, Research URL

CVE-2020-35234

Home page URL

Security reports for Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin

Application

Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin

Published on
Dec 14, 2020
Research Description
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
Affected versions
Min -, max 1.4.4.
Status
vulnerable
Previous vulnerability researches
WP SMTP (CVE-2024-1789) , Jun 07, 2024
WP SMTP (CVE-2025-1123) , May 24, 2025
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2022-42699) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2019-25141) , Jun 07, 2024
Easy WP SMTP by SendLayer – WordPress SMTP and Email Log Plugin (CVE-2020-35234) , Jun 07, 2024
New vulnerability
miniOrange Discord Integration (CVE-2025-47672) , May 25, 2025
4stats (CVE-2025-3869) , May 24, 2025
Verge3D Publishing and E-Commerce (CVE-2025-48241) , May 24, 2025
Staggs – Product configurator for WooCommerce (CVE-2025-47637) , May 24, 2025
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025