How severe is CVE-2020-35951?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2020-35951?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2020-35951 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).

Related Vulnerabilities

CVE-2016-8355

CRITICAL

CVSS:9.9(Critical)

An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges ...

CWE-3062016

CVE-2017-12822

CRITICAL

CVSS:9.9(Critical)

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.

CWE-3062017

CVE-2024-32764

CRITICAL

CVSS:9.9(Critical)

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functional...

CWE-3062024

CVE-2006-0061

CRITICAL

CVSS:9.8(Critical)

xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session.

CWE-3062006

CVE-2006-0062

CRITICAL

CVSS:9.8(Critical)

xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window.

CWE-3062006

CVE-2010-5326

CRITICAL

CVSS:10.0(Critical)

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTT...

CWE-3062010