Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal
CVE-2023-6222

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Quttera Web Malware Scanner
Vendor: CVE Published:; 18 December 2023

Summary

The Quttera Web Malware Scanner WordPress plugin fails to properly validate user input in a file path, which creates a vulnerability for users with admin roles. This flaw can potentially allow admins to execute unauthorized file access, exploiting the pathway to sensitive files on the server. Prompt updates to version 3.4.2.1 or later are necessary to mitigate this risk and secure your WordPress site against potential threats.

Affected Version(s)

Quttera Web Malware Scanner 0 < 3.4.2.1

References

https://wpscan.com/vulnerability/df892e99-c0f6-42b8-a834-...

exploitvdb-entrytechnical-description

https://drive.google.com/file/d/1krgHH2NvVFr93VpErLkOjDV3...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Nov 20, 2023

Credit

Dmitrii Ignatyev

WPScan