PT-2025-33447 · WordPress · Quttera Web Malware Scanner

Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner for WordPress versions up to and including 3.5.1.41 Description: The Quttera Web Malware Scanner plugin for WordPress is susceptible to Server-Side Request Forgery via the RunExternalScan function. Authenticated...

CVE-2023-6065

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...

Path traversal

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...

Code injection

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...

CVE-2023-6065 Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code...

CVE-2023-6065

CVE-2023-6065 affects the Quttera Web Malware Scanner WordPress plugin (

CVE-2023-6222

CVE-2023-6222 affects the Quttera Web Malware Scanner WordPress plugin (versions before 3.4.2.1). The vulnerability is a path traversal issue caused by unvalidated user input used in path handling, exploitable by users with an administrator role. Impact, as disclosed in sources, includes potentia...

CVE-2023-6222 Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks...

PT-2023-32569 · WordPress · Quttera Web Malware Scanner

Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner WordPress plugin versions prior to 3.4.2.1 Description: The issue concerns a lack of validation for user input used in a path. This could potentially allow users with an admin role to perform path traversal attacks...

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Description IThe plugin does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks PoC 1 Go to http://yoursite/wordpress/wp-admin/admin.php?page=qutterawmscannerint 2 Click "Scan Now" 3 Click "Detected Threats" 4 Navigate to some...

Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure

Description The plugin doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code http://yoursite/wordpress/wp-content/plugins/quttera-web-malware-scanner/runtime.log...

Masc - A Web Malware Scanner

A malware web scanner developed during CyperCamp Hackathon 2017. Features At the moment, there are some features avaiable for any type of website custom or CMS and some of them only available for specific platforms: Scan any website for malware using OWASP WebMalwareScanner checksum, YARA rules...