CVE-2020-35951

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
Configurations

Configuration 1

cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-01-01 04:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-35951

Mitre link : CVE-2020-35951

Products Affected
No products.
CWE