CyberSec.Space Logo
Back to CVE Browser

CVE-2020-35951

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile17.46th
PublishedJan 1, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).

Affected Platforms (CPE)

πŸ“¦
Expresstech

Quiz And Survey Master

< 7.0.1

References & Advisories

πŸ”— https://wpscan.com/vulnerability/10348
πŸ”— https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
πŸ”— https://wpscan.com/vulnerability/10348
πŸ”— https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

Related Vulnerabilities

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

CVE-2019-175996.1

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Th...