
Critical vulnerabilities in Quiz And Survey Master WordPress Plugin


Quiz and Survey Master is a WordPress plugin for creating quizzes and surveys on WordPress sites. It is installed on more than 30,000 websites.

Recently, Wordfence's Chloe Chamberland discovered two critical vulnerabilities in version 7.0 of the Quiz and Survey Master plugin.

Vulnerability            Danger level   Exploitation
Arbitrary file upload    Critical       Easy to exploit
Arbitrary file delete    Critical       Easy to exploit

Arbitrary File Upload

The first vulnerability is an arbitrary file upload. Exploiting it allows an attacker to upload an arbitrary PHP file; once uploaded, the script can be executed and can perform any action on the site.

The arbitrary file upload vulnerability can be exploited by an unauthenticated user: even if a site with the vulnerable plugin installed has user registration turned off, an attacker can exploit it without any user capabilities.

Unauthenticated Arbitrary File Deletion

The second vulnerability is also critical: it allows an attacker to delete any arbitrary file from the site, again without any user capabilities. Together, these two vulnerabilities can allow an attacker to take over the entire website and its hosting account.
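The two bug classes above (unauthenticated arbitrary upload and unauthenticated arbitrary delete) come down to missing checks on who may call a file-handling endpoint, what kind of file it accepts, and where on disk it is allowed to touch. The following is an added example written for this article, not code from the Quiz and Survey Master plugin or from Wordfence, showing what a hardened pair of AJAX handlers in a hypothetical WordPress plugin looks like. All names (the `qsm_example_*` functions, the `qsm_example_file_op` nonce action, the `qsm-example` uploads subdirectory) are assumptions for illustration.

```php
<?php
// Added example: hardened upload and delete handlers for a hypothetical
// WordPress plugin. Function and action names are assumptions for this
// example; they are not the plugin's own identifiers.

// Allow-list of the file types the feature actually needs
// (assumption: the feature only stores images).
function qsm_example_allowed_mimes() {
    return array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );
}

// Shared pre-checks. Both handlers require a logged-in user holding a
// specific capability and a valid nonce, so an unauthenticated request
// never reaches any file-system code.
function qsm_example_authorize() {
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // check_ajax_referer() terminates the request with 403 on failure.
    check_ajax_referer( 'qsm_example_file_op', 'nonce' );
}

function qsm_example_handle_upload() {
    qsm_example_authorize();

    if ( empty( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $file = $_FILES['file'];

    // Validate by file content and extension together, never by the
    // client-supplied MIME type. A script renamed to "x.jpg" fails because
    // its bytes are not an image; "x.php" fails because the extension is
    // not in the allow-list.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], qsm_example_allowed_mimes() );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // Let WordPress move the file into the uploads directory. 'mimes'
    // re-applies the allow-list; the stored filename is sanitized and
    // made unique by wp_handle_upload() itself.
    $result = wp_handle_upload( $file, array(
        'test_form' => false,
        'mimes'     => qsm_example_allowed_mimes(),
    ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

function qsm_example_handle_delete() {
    qsm_example_authorize();

    // Accept only a bare file name; basename() and sanitize_file_name()
    // strip directory components such as "../".
    $name = isset( $_POST['file'] ) ? sanitize_file_name( basename( wp_unslash( $_POST['file'] ) ) ) : '';
    if ( '' === $name ) {
        wp_send_json_error( 'no file', 400 );
    }

    // Confine deletion to one plugin-owned subdirectory of wp-content/uploads.
    $upload_dir = wp_upload_dir();
    $base       = realpath( trailingslashit( $upload_dir['basedir'] ) . 'qsm-example' );
    $target     = $base ? realpath( $base . DIRECTORY_SEPARATOR . $name ) : false;

    // realpath() resolves ".." and symlinks; the resolved path must still
    // sit inside $base, so wp-config.php and other site files are unreachable.
    if ( false === $base || false === $target
        || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $target ) ) {
        wp_send_json_error( 'file not found', 404 );
    }

    // wp_delete_file_from_directory() repeats the containment check and
    // refuses to delete anything outside $base.
    if ( ! wp_delete_file_from_directory( $target, $base ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success();
}

// Register only the authenticated "wp_ajax_" hooks. Deliberately no
// "wp_ajax_nopriv_" registration: logged-out visitors get no endpoint at all.
add_action( 'wp_ajax_qsm_example_upload', 'qsm_example_handle_upload' );
add_action( 'wp_ajax_qsm_example_delete', 'qsm_example_handle_delete' );
```

The three properties to look for when reviewing any plugin's file handling are visible here: authorization before any file operation (capability plus nonce, and no `nopriv` hook), type validation based on content rather than the client's claim, and path confinement that is checked after `realpath()` resolution rather than on the raw user string.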

The plugin is installed on more than 30,000 websites. The developers have released a patched version, 7.0.1, and all users of the Quiz and Survey Master plugin are advised to update immediately.

Proof of Concept

1 comment

Herath KM August 14, 2020 at 11:32 am

Thanks for the opportunity
Linux Mint is a great open source OS, good in software diversity, but there are some difficulties using some software like PDF viewers.

