
Critical Flaws in WordPress Quiz Plugin Allow Site Takeover
2020-08-14 18:26

The two critical flaws discovered by researchers are an arbitrary file-upload vulnerability, ranking 10 out of 10 on the CVSS scale, and an unauthenticated arbitrary file deletion error, ranking 9.9 out of 10.

"Any of the 30,000 sites running the plugin are subject to any file being deleted, which includes the wp-config.php file, by unauthenticated site users."

The two vulnerabilities stemmed from a feature in the plugin that enables site owners to implement file uploads as a response type for a quiz or survey.

The wp-config.php file is a core WordPress file that contains information about the database (including the name, username and password) and allows WordPress to communicate with the database to store and retrieve data.

"If the wp-config.php file is deleted, WordPress assumes there is a fresh installation at which point an attacker can establish a new database connection, gain access to the site and upload a webshell to ultimately achieve persistence or infect other sites in the same hosting account," Chamberland told Threatpost.
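A defender-side check for the takeover chain described above, added here as an example that is not from the Threatpost article or the plugin vendor: it flags access-log requests to the WordPress installer endpoints (wp-admin/setup-config.php and wp-admin/install.php) and verifies that wp-config.php is still where WordPress looks for it. The log lines, IP addresses and function names are constructed for illustration, and the Combined Log Format is an assumption about the web server.

```python
import re
from pathlib import Path

# Combined Log Format prefix: ip ident user [time] "METHOD target proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# WordPress installer endpoints; an already configured site has no use for them
INSTALLER_PATHS = ("/wp-admin/setup-config.php", "/wp-admin/install.php")

# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE_LOG = [
    '198.51.100.23 - - [14/Aug/2020:17:59:40 +0000] "GET /quiz/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Aug/2020:18:01:12 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 200 2874 "-" "curl/7.68.0"',
    '203.0.113.7 - - [14/Aug/2020:18:01:15 +0000] "POST /wp-admin/setup-config.php?step=2 HTTP/1.1" 200 1993 "-" "curl/7.68.0"',
    '198.51.100.23 - - [14/Aug/2020:18:02:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0"',
]

def installer_hits(lines):
    """Return (ip, time, method, path, status) for each installer request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # drop the query string
        # endswith() also matches installs in a subdirectory such as /blog/
        if path.endswith(INSTALLER_PATHS):
            hits.append((ip, ts, method, path, int(status)))
    return hits

def config_present(wp_root):
    """True if wp-config.php exists where WordPress looks for it."""
    root = Path(wp_root)
    if (root / "wp-config.php").is_file():
        return True
    # WordPress also accepts a config one level up, unless that directory
    # is itself another WordPress install (it contains wp-settings.php)
    parent = root.parent
    return (parent / "wp-config.php").is_file() and not (parent / "wp-settings.php").is_file()

if __name__ == "__main__":
    for hit in installer_hits(SAMPLE_LOG):
        # A POST to an installer endpoint means someone submitted the setup form
        level = "ALERT" if hit[2] == "POST" else "review"
        print(level, *hit)
```

Pairing the two signals is useful: a missing wp-config.php on a site that was previously configured, followed by installer requests, matches the sequence described in the quote.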


News URL

https://threatpost.com/critical-flaws-wordpress-quiz-plugin-site-takeover/158379/

Related vendor

LAST 12M
VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Wordpress | 7 | 2 | 95 | 44 | 18 | 159
Plugin | 2 | 0 | 13 | 1 | 0 | 14