Quttera Web Malware Scanner
cpe:2.3:a:quttera:quttera_web_malware_scanner:*:*:*:*:wordpress:*:*
- <= 3.5.1.41
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Quttera Web Malware Scanner plugin for WordPress, affecting all versions through 3.5.1.41. This vulnerability allows authenticated attackers with Administrator-level access to send web requests to arbitrary locations from the web application, potentially querying and modifying information from internal services.
Exploitation of this vulnerability could allow an authenticated attacker to make requests to internal services, potentially leading to unauthorized access or modification of internal data.
To reproduce this vulnerability, an authenticated user with Administrator privileges can use the 'RunExternalScan' function of the Quttera Web Malware Scanner plugin. The function makes the server issue a request to the URL it is given, and because that URL can point at an internal service, the request constitutes the SSRF.
Users are advised to update the Quttera Web Malware Scanner plugin to version 3.5.2.1 or later.
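For code that fetches a user-supplied URL server-side, as the scan function described above does, a destination check of the following kind blocks requests to internal addresses. This is an added example, not code from the plugin or its fix; the function names, the injected resolver and the sample hosts are assumptions.

```php
<?php
// Added example, not the plugin's code. Function names are hypothetical.

/** True only for literal IPs outside PHP's private and reserved ranges. */
function is_public_ip(string $ip): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

/**
 * Decide whether a user-supplied scan URL may be fetched server-side.
 * $resolver maps a hostname to a list of IP strings (injected so the check
 * runs offline; a real one would wrap gethostbynamel()/dns_get_record()).
 */
function is_allowed_scan_target(string $url, callable $resolver): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // no file://, gopher://, ftp:// ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // credentials in the URL are never needed for a scan
    }
    $host = trim($parts['host'], '[]'); // parse_url keeps IPv6 brackets
    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false
        ? [$host]
        : $resolver($host);
    if (count($ips) === 0) {
        return false; // unresolvable host
    }
    foreach ($ips as $ip) {
        if (!is_public_ip($ip)) {
            return false; // one internal address is enough to reject
        }
    }
    return true;
}

// Constructed DNS data: one public host, one name pointing at an internal IP.
$dns = ['example.test' => ['93.184.216.34'], 'intranet.test' => ['10.0.0.5']];
$resolver = fn(string $h): array => $dns[$h] ?? [];

foreach (['https://example.test/', 'http://intranet.test/', 'http://127.0.0.1:8080/',
          'http://[::1]/', 'file:///etc/passwd'] as $url) {
    printf("%-28s %s\n", $url, is_allowed_scan_target($url, $resolver) ? 'allow' : 'block');
}
```

The check only holds if the subsequent fetch connects to the address that was validated and does not follow redirects unchecked; otherwise the destination can change between validation and request.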