Quttera Web Malware Scanner < 3.4.2.1 - Directory Listing to Sensitive Data Exposure
CVE-2023-6065

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Quttera Web Malware Scanner
Vendor: CVE Published:; 18 December 2023

Summary

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code

Affected Version(s)

Quttera Web Malware Scanner 0 < 3.4.2.1

References

https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-...

exploitvdb-entrytechnical-description

https://drive.google.com/file/d/1w83xWsVLS_gCpQy4LDwbjNK9...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 9, 2023

Credit

Dmitrii Ignatyev

WPScan