CyberSec.Space Logo
Back to CVE Browser

CVE-2020-35949

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0940%
EPSS Percentile44.85th
PublishedJan 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

Affected Platforms (CPE)

πŸ“¦
Expresstech

Quiz And Survey Master

< 7.0.1

References & Advisories

πŸ”— https://wpscan.com/vulnerability/10349
πŸ”— https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
πŸ”— https://wpscan.com/vulnerability/10349
πŸ”— https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

Related Vulnerabilities

CVE-2020-359519.9

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

CVE-2019-175996.1

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Th...