Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress 7.0.1

  • Severity: critical
  • Status: Fixed
  • Publication: August 29, 2020

The Quiz and Survey Master plugin for WordPress is vulnerable to malicious file uploads. This vulnerability affects versions up to and including 7.0.1. It allows an attacker to upload malicious files to the affected website’s server, which could lead to remote code execution if the configuration of the website is set up in a certain way. This is because the plugin does not properly sanitize the file names, making it possible for the attacker to use a double extension attack method. This vulnerability is an incomplete fix of an earlier vulnerability (CVE-2020-35949).

Detected in:

Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress fixed vulnerable versions: >= * <= 7.0.1
Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.