"Critical Flaws in WordPress Quiz Plugin Allow Site Takeover"
Researchers at Wordfence have discovered two critical flaws in a WordPress plugin called Quiz and Survey Master, which is actively installed on over 30,000 websites. The two critical flaws that were discovered include an arbitrary file-upload vulnerability ranking 10 out of 10 on the CVSS scale, and an unauthenticated arbitrary file deletion error which has a raking of 9.9 out of 10 on the CVSS scale. If the vulnerabilities are exploited, an adversary could launch varying attacks and could fully take over the vulnerable website. A patch is available for both issues in version 7.0.1 of the plugin.
Threatpost reports: "Critical Flaws in WordPress Quiz Plugin Allow Site Takeover"
Submitted by Anonymous
on