Server-Side Request Forgery Vulnerability in Quttera Web Malware Scanner Plugin for WordPress
CVE-2025-8013

3.8LOW

Key Information:

Vendor: WordPress
Status: Quttera Web Malware Scanner
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-8013?

The Quttera Web Malware Scanner for WordPress contains a Server-Side Request Forgery vulnerability in the 'RunExternalScan' function. Authenticated users with Administrator-level access can exploit this flaw to make unauthorized web requests to internal services. This may allow attackers to access sensitive data or modify information due to the application's ability to communicate with external locations on behalf of the server.

Affected Version(s)

Quttera Web Malware Scanner * <= 3.5.1.41

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/quttera-web-ma...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Jonas Benjamin Friedli