CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-35951

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.0360%
EPSS Percentile17.46th
Published2021年1月1日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).

Affected Platforms (CPE)

📦
Expresstech

Quiz And Survey Master

< 7.0.1

References & Advisories

🔗 https://wpscan.com/vulnerability/10348
🔗 https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
🔗 https://wpscan.com/vulnerability/10348
🔗 https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

相关漏洞威胁

CVE-2020-3594910.0

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated a...

CVE-2021-242218.8

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id G...

CVE-2021-368987.5

Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress.

CVE-2019-175996.1

The quiz-master-next (aka Quiz And Survey Master) plugin before 6.3.5 for WordPress is affected by: Cross Site Scripting (XSS). Th...