Description

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker is prone to multiple vulnerabilities, including arbitrary file deletion and arbitrary file upload vulnerabilities. An attacker may leverage these issues to delete arbitrary files or to upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation. WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker version 7.0.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 7.0.1 or latest

References

https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/

https://www.youtube.com/watch?v=sC4U-oNW34c

https://plugins.svn.wordpress.org/quiz-master-next/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin Cryptocurrency Widgets For Elementor Security Bypass (1.2.1)

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2022-42129)

WordPress Plugin WP-FeedStats de HTML Injection (2.3)

WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)

WordPress Plugin Lightbox Multiple Vulnerabilities (1.6.6)

Severity

High

Classification

CVE-2020-35949 CVE-2020-35951 CWE-73 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update