Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

quttera

Source -

ADPNVDCNA

BOS Name -

N/A

CNA CVEs -

1

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

2
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2025-8013
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-3.8||LOW
EPSS-0.03% / 7.34%
||
7 Day CHG+0.01%
Published-15 Aug, 2025 | 06:40
Updated-15 Aug, 2025 | 13:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Action-Not Available
Vendor-quttera
Product-Quttera Web Malware Scanner
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2023-6065
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-5.3||MEDIUM
EPSS-46.34% / 97.57%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 20:07
Updated-02 Aug, 2024 | 08:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code

Action-Not Available
Vendor-qutteraUnknown
Product-quttera_web_malware_scannerQuttera Web Malware Scanner
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-6222
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.36% / 57.44%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 20:07
Updated-30 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks

Action-Not Available
Vendor-qutteraUnknownquttera
Product-quttera_web_malware_scannerQuttera Web Malware Scannerquttera_web_malware_scanner
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')