A plugin that is designed to add quizzes and surveys to WordPress websites has patched two critical vulnerabilities. The flaws can be exploited by remote, unauthenticated attackers to launch varying attacks including fully taking over vulnerable websites. The plugin, Quiz and Survey Master, is actively installed on over 30,000 websites. A patch is available for both issues in version 7.0.1 of the plugin, said researchers with Wordfence who discovered the flaws, in a Thursday post. The vulnerabilities stemmed from a feature in the plugin that enables site owners to implement file uploads as a response type for a quiz.
Source: https://threatpost.com/critical-flaws-wordpress-quiz-plugin-site-takeover/158379/