
Critical vulnerabilities in Quiz And Survey Master WordPress Plugin

Quiz and Survey Master is a WordPress plugin for creating quizzes and surveys on WordPress sites. It is installed on over 30,000 websites.

Recently, Wordfence's Chloe Chamberland discovered two critical vulnerabilities in version 7.0 of the Quiz and Survey Master plugin.

Vulnerability          | Danger level | Exploitation
Arbitrary file upload  | Critical     | Easy to exploit
Arbitrary file delete  | Critical     | Easy to exploit

Arbitrary File Upload

The first vulnerability is an arbitrary file upload. Exploiting it allows an attacker to upload an arbitrary PHP file to the site; once uploaded, that script can be executed and can perform any action on the site.

The arbitrary file upload vulnerability can be exploited by an unauthenticated user. That means that even if a site running the vulnerable plugin has turned off user registration, an attacker can exploit the vulnerability without any user capabilities.
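A check a site owner would want after reading this: a small scanner, added here as an example and not part of the advisory or the plugin, that walks wp-content/uploads and flags files that would execute as PHP (PHP extensions anywhere in the name, or a PHP open tag at the start of the content). The extension list and the sample directory tree are constructed assumptions for the demo.

```python
import os
import tempfile
from pathlib import Path
from typing import List

# Extensions a typical Apache/PHP-FPM setup treats as executable PHP (assumption:
# the uploads directory has not already been locked down by a web-server rule).
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def is_suspicious_upload(path: Path) -> bool:
    """Flag a file that could run as PHP if it sits under wp-content/uploads.

    Every suffix is checked, so double extensions such as 'img.php.jpg' are
    caught, and the first bytes of any file are checked for a PHP open tag so a
    script hidden behind a harmless extension is caught as well.
    """
    if any(s.lower() in PHP_EXTENSIONS for s in path.suffixes):
        return True
    try:
        with path.open("rb") as fh:
            head = fh.read(64).lstrip()
    except OSError:
        return False
    return head.startswith(PHP_OPEN_TAGS)


def scan_uploads(uploads_dir: str) -> List[str]:
    """Return sorted, uploads-relative paths of every suspicious file."""
    root = Path(uploads_dir)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if is_suspicious_upload(p):
                hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def demo_scan() -> List[str]:
    """Build a constructed uploads tree (not from any real site) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        month = Path(tmp) / "uploads" / "2020" / "08"
        month.mkdir(parents=True)
        (month / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake jpeg data")   # benign
        (month / "upload.php").write_bytes(b"<?php echo 'hello'; ?>")          # PHP ext
        (month / "img.php.jpg").write_bytes(b"GIF89a")                          # double ext
        (month / "notes.txt").write_bytes(b"  <?php phpinfo(); ?>")             # PHP tag
        return scan_uploads(str(Path(tmp) / "uploads"))


if __name__ == "__main__":
    for hit in demo_scan():
        print("suspicious:", hit)
```

Run it against the real uploads directory with scan_uploads("/path/to/wp-content/uploads"); any hit on a site that ran the vulnerable version deserves a manual look.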

Unauthenticated Arbitrary File Deletion

The second vulnerability is also critical: it allows an attacker to delete arbitrary files from the site, again without any user capabilities. Together, these two vulnerabilities can allow an attacker to take over the entire website and its hosting account.

The plugin is installed on over 30,000 websites. The developers have released a patched version, 7.0.1. All users of the Quiz and Survey Master plugin are advised to update the plugin immediately.

Proof of Concept

Sohail

Mohd Sohail is a web developer and a Linux sysadmin. He also loves to write how-to articles and application reviews, and loves trying new Linux distributions.

Comments

  • Thanks for the opportunity
    The Linux Mint is a great OS in open source, good in software diversity, but there are some difficulties using some software like the PDF viewer.
