11 matches found
EUVD-2025-24993
Malicious code in bioql PyPI...
PT-2025-33447 · WordPress · Quttera Web Malware Scanner
Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner for WordPress versions up to and including 3.5.1.41 Description: The Quttera Web Malware Scanner plugin for WordPress is susceptible to Server-Side Request Forgery via the RunExternalScan function. Authenticated...
WordPress Quttera Web Malware Scanner plugin <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery vulnerability
Authenticated Administrator+ Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Quttera Web Malware Scanner versions <= 3.5.1.41...
Path traversal
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
CVE-2023-6065 Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...
CVE-2023-6222
CVE-2023-6222 affects the Quttera Web Malware Scanner WordPress plugin (versions before 3.4.2.1). The vulnerability is a path traversal issue caused by unvalidated user input used in path handling, exploitable by users with an administrator role. Impact, as disclosed in sources, includes potentia...
CVE-2023-6222 Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...
PT-2023-32569 · WordPress · Quttera Web Malware Scanner
Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner WordPress plugin versions prior to 3.4.2.1 Description: The issue concerns a lack of validation for user input used in a path. This could potentially allow users with an admin role to perform path traversal attacks...
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
Description The plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some Suspicio...
Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
Description The plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks PoC 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some...
Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...