VYPR

Quttera Web Malware Scanner

by WordPress

CVEs (3)

  • CVE-2023-6222HigDec 18, 2023
    risk 0.47cvss 7.2epss 0.01

    IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks

  • CVE-2023-6065MedDec 18, 2023
    risk 0.36cvss 5.3epss 0.19

    The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code

  • CVE-2025-8013LowAug 15, 2025
    risk 0.18cvss 3.8epss 0.00

    The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to…