CVE-2020-35949: WordPress plugin vulnerability

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.

How to mitigate CVE-2020-35949

Time needed: 5 minutes.

Follow the instructions below; they will help you mitigate the WordPress vulnerability reported in CVE-2020-35949.

  1. Install the latest version of WordPress

    Navigate to the official WordPress website and download the latest version of WordPress. The latest version contains the CVE-2020-35949 fix.

  2. Perform a vulnerability assessment

    Perform a scan on your WordPress environment(s), and check for vulnerabilities. Verify if CVE-2020-35949 has been mitigated.

  3. Utilize the references

    The CVE-2020-35949 references have been provided for a reason. Utilize these references and make sure that you are correctly informed.
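
One way to carry out the check in step 2, as an added example (not code from the plugin or from this page's author): it compares a plugin's `Version:` header against 7.0.1 and lists files with PHP-executable extensions under an uploads directory. The extension list, the function names and the constructed header and file tree are assumptions; point the functions at your own plugin file and uploads path.

```python
import os
import re
import tempfile

FIXED = (7, 0, 1)  # first fixed plugin release, per the advisory text above
# Assumed set of extensions a PHP handler may execute; adjust to your server config.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}


def parse_version(text):
    """Return the 'Version:' plugin-header value as a tuple of ints, or None."""
    m = re.search(r"^[ \t/*#@]*Version:\s*([0-9]+(?:\.[0-9]+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_vulnerable(version):
    """True if version is below 7.0.1; an unknown version is treated as vulnerable."""
    if version is None:
        return True
    padded = version + (0,) * (len(FIXED) - len(version))
    return padded < FIXED


def suspicious_uploads(root):
    """List files under root whose name carries a script extension in any position."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Check every dot-separated part: 'a.php.txt' and 'A.PHP' both count.
            parts = name.lower().rstrip(". ").split(".")[1:]
            if any(p in SCRIPT_EXTS for p in parts):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def demo():
    """Run both checks on a constructed plugin header and a constructed uploads tree."""
    header = "<?php\n/**\n * Plugin Name: Example Quiz Plugin\n * Version: 7.0.0\n */\n"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "2020", "08"))
        for rel in ("2020/08/answer.pdf", "2020/08/notes.php", "cv.PhP.txt"):
            open(os.path.join(root, rel), "w").close()
        return is_vulnerable(parse_version(header)), suspicious_uploads(root)


if __name__ == "__main__":
    print(demo())
```

A hit from `suspicious_uploads` is a lead to review, not proof of compromise; a legitimate upload directory should normally contain no executable script files at all.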

References

  • wpscan.com/vulnerability/10349
  • www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/