Friday, October 23, 2020

Critical vulnerabilities in Quiz And Survey Master WordPress Plugin


Quiz and Survey Master is a WordPress plugin for creating quizzes and surveys on WordPress sites. It is installed on over 30,000 websites.

Recently, Wordfence's Chloe Chamberland discovered two critical vulnerabilities in version 7.0 of the Quiz and Survey Master plugin.

| Vulnerability | Danger level | Exploitation |
|---|---|---|
| Arbitrary file upload | Critical | Easy to exploit |
| Arbitrary file delete | Critical | Easy to exploit |

Arbitrary File Upload

The first vulnerability is an arbitrary file upload. Exploiting it allows an attacker to upload an arbitrary PHP file. The uploaded script can then be run, and it can perform any action on the site.

The arbitrary file upload vulnerability can be exploited by an unauthenticated user. This means that even if a site with the vulnerable plugin installed has turned off site registrations, an attacker can exploit the vulnerability without any user capabilities.

Unauthenticated Arbitrary File Deletion

The second vulnerability is also critical and allows an attacker to delete any arbitrary file from the site. An attacker can exploit it without any user capabilities. Together, these vulnerabilities can allow an attacker to take over the entire website and the hosting.

The plugin is installed on over 30,000 websites. The developers have released a patched version, 7.0.1. All users of the Quiz and Survey Master plugin are advised to update immediately.
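To check whether a site still runs an unpatched copy, the following added example (not code from the plugin or from Wordfence) scans a plugins directory for the plugin's header comment and compares its version with 7.0.1. It assumes the plugin's top-level PHP file carries "Plugin Name:" and "Version:" header lines and treats every version below 7.0.1 as needing the update; the directory names in the sample data are made up.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_NAME = "Quiz And Survey Master"  # plugin name as written on this page
FIXED_VERSION = (7, 0, 1)               # patched release named on this page
# Assumption: "Plugin Name:" / "Version:" lines in a top-level PHP file's header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def parse_version(text):
    """'7.0' -> (7, 0, 0). An unparsable string gives (0, 0, 0), so it gets flagged."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts + [0] * (3 - len(parts)))

def read_header(php_file):
    """Read header fields from the first 8192 characters; the first match of a field wins."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.lower(), value)
    return fields

def audit_plugins(plugins_dir):
    """Return (directory, version, needs_update) for every installed copy found."""
    found = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php_file)
        if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = header.get("version", "")
        found.append((php_file.parent.name, version, parse_version(version) < FIXED_VERSION))
    return found

def build_sample_tree(root):
    """Constructed sample data: three made-up plugin directories with header comments."""
    samples = {"qsm-old": (PLUGIN_NAME, "7.0"), "qsm-new": (PLUGIN_NAME, "7.0.1"),
               "other-plugin": ("Some Other Plugin", "1.0")}
    for folder, (name, version) in samples.items():
        plugin_dir = Path(root) / folder
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n", encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, version, needs_update in audit_plugins(tmp):
            print(folder, version, "UPDATE to 7.0.1 or later" if needs_update else "ok")
```

On a real server, pass the site's plugins directory to audit_plugins instead of the constructed sample tree.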
