Critical Vulnerabilities Patched in Quiz and Survey Master Plugin

On July 17, 2020, our Threat Intelligence team discovered two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site.

We initially reached out to the plugin’s team on July 17, 2020 through their support forum and followed up again on July 21, 2020. After another week of no response,

This post was originally published on this site

Work With Xiphos Web Marketing

No business is too small to succeed, thanks to online technology! From marketing, to customer service, to placing orders, to customer financing, there are tools that anyone can utilize. Let me, Nate Houstman, be your guide!


Pin It on Pinterest

Share This
Xiphos Web Marketing