CVE-2020-35949

Name of the Vulnerable Software and Affected Versions: Quiz and Survey Master plugin versions prior to 7.0.1

Description: An issue in the Quiz and Survey Master plugin allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. This is possible when a quiz question requires a file upload, and the plugin only checks the Content-Type header, allowing an attacker to upload a .php file with a text/plain Content-Type.

Recommendations: For versions prior to 7.0.1, update to version 7.0.1 or later to resolve the issue. As a temporary workaround, consider disabling file uploads for quiz questions until the update is applied. Restrict access to the plugin's upload functionality to minimize the risk of exploitation.