CVE-2020-35951 Scanner

The Quiz and Survey Master plugin for WordPress is a popular tool used by many website owners to create exams, surveys, and quizzes. It's an interactive plugin that offers various question formats, customizable themes, and reporting features. With Quiz and Survey Master, website owners can easily create engaging content for their audience.

However, recently, a vulnerability was detected in the plugin. CVE-2020-35951 allows users to delete files, including the wp-config.php, via the qsm_remove_file_fd_question function. This vulnerability exposes site owners to the risk of a takeover by hackers who could install their version of a WordPress instance. Even though this function was only designed for users to delete their own quiz-answer files, unauthorized access can erase all files, taking the site offline temporarily or permanently.

Exploiting this vulnerability can lead to serious consequences. Hackers can steal confidential data, such as customer information, financial details, and website credentials. They can even redirect the website to a malicious page, steal website traffic, and conduct a ransomware attack. These attacks come with severe legal and financial implications, including loss of reputation, revenue, and customer trust.

At securityforeveryone.com, we prioritize the security of our customers' digital assets. Our platform offers pro features that enable website owners to assess vulnerabilities and threats in real-time. With our advanced scanning and reporting options, website owners can easily and quickly detect and fix vulnerabilities, ensuring their website is secure and protected from cyberattacks. Don't wait for a security breach to occur, join us today and secure your digital assets!

REFERENCES

• https://wpscan.com/vulnerability/10348
• https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/