VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 3 known issues Latest disclosed Aug 14, 2025

Quttera ThreatSign – Web Malware Scanner for WordPress Vulnerabilities

Review known vulnerability records for the WordPress plugin Quttera ThreatSign – Web Malware Scanner for WordPress (`quttera-web-malware-scanner`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-8013, CVE-2023-6222 and CVE-2023-6065, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
3
High or Critical
0
Patch Coverage
100%
Last Updated
Aug 15, 2025
Priority CVE Quick Links

Fast paths into Quttera ThreatSign – Web Malware Scanner for WordPress CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
3
CVE-2023-6222 Medium 3.4.2.1
CVE-2023-6222 Quttera ThreatSign – Web Malware Scanner for WordPress Remote Code Execution

Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile

CVE-2023-6065 Medium 3.4.2.1
CVE-2023-6065 Quttera ThreatSign – Web Malware Scanner for WordPress Sensitive Information Exposure

Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

CVE-2025-8013 Low 3.5.2.1
CVE-2025-8013 Quttera ThreatSign – Web Malware Scanner for WordPress Server-Side Request Forgery

Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Quttera ThreatSign – Web Malware Scanner for WordPress so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
3 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-8013, CVE-2023-6222 and CVE-2023-6065
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Quttera ThreatSign – Web Malware Scanner for WordPress

Sorted by latest disclosure date so newly published issues surface first.

Plugin Low Patched: Yes CVE-2025-8013
CVE-2025-8013: Quttera Web Malware Scanner <= 3.5.1.41 - Authenticated (Administrator+) Server-Side Request Forgery

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.5.1.41 via the 'RunExternalScan' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to m...

Published
Aug 14, 2025
Patched Release
3.5.2.1
Affected Versions
Versions up to 3.5.1.41
Next Step
Update to 3.5.2.1 or newer if supported.
Open CVE-2025-8013 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6222
CVE-2023-6222: Quttera Web Malware Scanner <= 3.4.1.48 - Authenticated (Administrator+) Directory Traversal via ShowFile

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.4.1.48 via the ShowFile function. This allows an administrator to view arbitrary files on the server.

Published
Nov 21, 2023
Patched Release
3.4.2.1
Affected Versions
Versions up to 3.4.1.48
Next Step
Update to 3.4.2.1 or newer if supported.
Open CVE-2023-6222 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-6065
CVE-2023-6065: Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure

The Quttera Web Malware Scanner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.1.48 via easy to guess scan log file names. This makes it possible for unauthenticated attackers to extract sensitive data.

Published
Nov 21, 2023
Patched Release
3.4.2.1
Affected Versions
Versions up to 3.4.1.48
Next Step
Update to 3.4.2.1 or newer if supported.
Open CVE-2023-6065 Report Open CVE Reference