Wordpress Quiz and Survey Master Plugin Arbitrary File Deletion Vulnerability CVE-2020-35951 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Wordpress Quiz and Survey Master Plugin Arbitrary File Deletion Vulnerability CVE-2020-35951 Scanner Detail

There is an arbitrary file deletion vulnerability in Wordpress Quiz and Survey Master Plugin.

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).

Some Advice for Common Problems

Update your Wordpress Quiz and Survey Master Plugin to the latest version to eliminate this vulnerability.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service