Critical Flaws Covered in WordPress Quiz Plugin that Could Allow Site Takeover

23
WordPress Quiz Plugin

The recently patched flaws discovered in WordPress could be a disaster, experts say.

The plugin designed to add surveys and quizzes to WordPress websites has patched two critical vulnerabilities. The flaws could be easily exploited by remote, unauthenticated attackers for launching varying attacks – including the ones fully taking over all vulnerable websites.

Quiz and Survey Master, the plugin is currently installed on over 30,000 websites. The two critical flaws discovered include an arbitrary file-upload vulnerability and an unauthenticated arbitrary file deletion error. A patch is available for both these issues in version 7.0.1 of the plugin, confirmed the researchers with Wordfence who discovered the flaws.

To Read More: Threatpost