CVE-2020-35951
Published 2021-01-01
Priority P1 81 · critical · 9.9 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
EXPLOIT
EPSS: 76.33% (99.5th percentile)
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as the wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| expresstech | quiz_and_survey_master | < 7.0.1 | 7.0.1 |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST/GET requests invoking the 'qsm_remove_file_fd_question' WordPress AJAX action, which can delete arbitrary files including wp-config.php without authentication.
- Alert on deletion of wp-config.php via web-accessible requests, which may indicate exploitation of this vulnerability to take the site offline and enable attacker-controlled reinstallation.
- Use the nuclei-style body matcher regex '([/a-z_]+)wp' against HTTP responses to fingerprint vulnerable Quiz and Survey Master plugin installations.
- The nuclei template digest/signature is present but the source URL is not publicly attributed; treat the fingerprint regex as internal/private and validate before production deployment.
- The vulnerability affects Quiz and Survey Master plugin versions before 7.0.1 for WordPress; detections should be scoped to installations running versions prior to 7.0.1.
CVSS provenance
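| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |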
No detection rules found.
Nuclei
CVE-2020-35951 [CRITICAL] Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion (nuclei, CVSS 9.9)
Wordpress Quiz and Survey Master ([/a-z_]+)wp
internal: true
part: body
# digest: 490a0046304402203c73313c3a3f391a5f22c1ccd307986fe9cb64f1c5f2083fd7665601f7b83dca022054d4c165b9a0ec2b3f42da4d230e82729f7d455afddd4d8d2d2ce3e94cd74668:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
Published: 2021-01-01