• Resolved gopa4

    (@gopa4)


    Hello,

    We are receiving SPAM via one of our Quizzes after updating the plugin yesterday. The same email address – receiving 1 Spam email per minute! https://ibb.co/X29NS67

    We are flooded with SPAM!

    The quiz is not taken. It has 42 multiple questions. Score points: 0.

    If I go to the page of quiz results:

    wp-admin/admin.php?page=mlw_quiz_results

    There are NO results for this email address.

    The same for another spammer

    https://ibb.co/8jwNHhc

    We use the latest version, 8.1.15.

    I suspect that your plugin has Vulnerabilities. 

    Yes it has! Just checked my Plesk. Your plugin has Vulnerabilities https://ibb.co/SQ983HX

    Vulnerabilities: WordPress Quiz And Survey Master plugin <= 8.1.15 – Cross-Site Request Forgery via ‘display_results’ vulnerability?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Dear @gopa4,

    We sincerely appreciate you bringing this matter to our attention.

    I will promptly engage in a discussion with our technical team regarding this issue.

    Rest assured, I will diligently provide you with timely updates as soon as they become available.

    Kind regards,
    Sumit

  • Dear @gopa4,

    Thanks for contacting us and for bringing this issue to our notice.

    I read your query and I’m sorry for the inconvenience this might have caused you.

    I wish to address the vulnerabilities that you reported, as they have already been rectified in our plugin. Unfortunately, the reporter did not mark this fix appropriately, leading to its release to the public. Consequently, it may appear that our plugin still possesses the vulnerability. However, I assure you that the latest version of QSM core, specifically version 8.1.15, is secure and free from any such issues.

    We are actively engaged in discussions with the reporter to rectify this situation and remove the associated notification.

    In the interest of safeguarding your site against spam, please consider the following recommendations:

    1. Use a Captcha Plugin:
    • Install and activate a CAPTCHA plugin on your WordPress site, such as Google reCAPTCHA or hCaptcha. CAPTCHA technology helps differentiate between human users and automated bots.

    2. Install an Anti-Spam Plugin:
    • I recommend considering the use of an anti-spam plugin like Akismet. Akismet is a robust tool designed to filter out spam comments and trackbacks.

    Should you require any further assistance or have additional inquiries, please do not hesitate to contact us.

    Warm regards,
    Sumit

  • Hi Sumit,
    I have QSP installed and am getting like 10-20 emails in 1 min. Have both Akismet and Google reCAPTCHA
    ?
  • The topic ‘Receiving SPAM via Quiz – Vulnerabilities in the new version’ is closed to new replies.