Quiz And Master Survey WP Plugin Vulnerabilities Allowed Site Takeover

by Abeerah Hashim

Critical vulnerabilities existed in the Quiz and Master Survey plugin that threatened thousands of websites. Exploiting the flaws could allow an attacker to take over the target website.

Quiz And Master Survey Plugin Vulnerabilities

Wordfence has shared details about security flaws in another WordPress plugin. This time, they found the vulnerabilities in the Quiz and Master Survey plugin, which lets users create various surveys, including exam quizzes, employee surveys, and other questionnaires.

As revealed through their blog post, they found two different vulnerabilities affecting the plugin.

The first of these is a critical severity bug that received a CVSS score of 10.0. The problem affected the file upload feature of the plugin. While this feature facilitates uploading files in response to a survey, its insecure implementation could allow attacks.

This is because the feature only checked the file's content type before upload, a value that anyone could spoof. As explained in the post,

If a quiz contained a file upload which was configured to only accept .txt files, an executable PHP file could be uploaded by setting the “Content-Type” field to ‘text/plain’ to bypass the plugin’s weak checks.

Hence, uploading a PHP file in this way could allow an adversary to achieve remote code execution and eventually take over the site.
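The difference between the content-type check described above and a server-side check, as an added example that is not the plugin's code or Wordfence's. The function names, the allow-list and the sample upload are hypothetical, and it assumes PHP's bundled fileinfo extension is enabled.

```php
<?php
// Weak: $file['type'] is copied from the Content-Type header of the upload
// request, so the client chooses its value.
function weak_upload_allowed(array $file, array $allowedMimes): bool
{
    return in_array($file['type'], $allowedMimes, true);
}

// Hardened: never reads $file['type']. The extension must be on the
// allow-list AND the MIME type detected from the file's bytes must match it.
function strict_upload_allowed(array $file, array $allowed): bool
{
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return false; // extension not on the allow-list
    }
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    return $detected === $allowed[$ext];
}

// Store accepted files under a server-generated name so the client never
// controls the final filename or extension.
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a PHP script submitted with a spoofed text/plain type,
// laid out like one entry of $_FILES.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "<?php echo 'constructed sample'; ?>\n");
$upload = ['name' => 'answer.php', 'type' => 'text/plain', 'tmp_name' => $tmp];

// Quiz field configured to accept only .txt files.
$allowed = ['txt' => 'text/plain'];

echo 'weak check accepts:   ';
var_dump(weak_upload_allowed($upload, array_values($allowed)));
echo 'strict check accepts: ';
var_dump(strict_upload_allowed($upload, $allowed));

unlink($tmp);
```

Keeping the upload directory non-executable on the web server is a useful second layer, since it limits the impact if a validation step is ever bypassed.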

The second vulnerability was also a critical severity bug with a CVSS score of 9.9. It arose because of the improper implementation of the file delete feature. As Wordfence described in the post,

This qsm_remove_file_fd_question function is registered with a regular AJAX action and a nopriv AJAX action. This meant that the function could be triggered by unauthenticated users, which is to be expected due to the quizzes not requiring authentication.

Thus, exploiting this bug could let an unauthenticated adversary delete important files.

The following video demonstrates a PoC for the exploit.

Patches Rolled Out

Upon discovering the bugs, the researchers reached out to the vendors to report the flaws. It took them a while to establish smooth communication. Nonetheless, following their reports, the developers quickly fixed both bugs.

The patches are available in the Quiz And Survey Master plugin version 7.0.1. Users must update their sites to the latest version to stay protected.
