Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
ID: CVE-2023-6065
Severity: medium
Author: s4e-io
Tags: cve,cve2023,wp-plugin,quttera,wpscan,wordpress
Description
The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn’t restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site’s code.
YAML Source
id: CVE-2023-6065

info:
  name: Quttera Web Malware Scanner <= 3.4.1.48 - Sensitive Data Exposure
  author: s4e-io
  severity: medium
  description: |
    The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code
  remediation: Fixed in 3.4.2.1
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6065
    - https://wpscan.com/vulnerability/64f2557f-c5e4-4779-9e28-911dfaf2dda5
    - https://wordpress.org/plugins/quttera-web-malware-scanner/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2023-6065
    epss-score: 0.00146
    epss-percentile: 0.50461
    cpe: cpe:2.3:a:quttera:quttera_web_malware_scanner:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: quttera
    product: quttera_web_malware_scanner
    framework: wordpress
  tags: cve,cve2023,wp-plugin,quttera,wpscan,wordpress

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Website Malware Scan Report"
          - "Scanned Website"
          - "Scan type"
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009d70c7e829c4b96f2e22179d5cc3a81a18554c8b708b183b9a48457f711fb53d022100cdc97db427a178a942335a8824b37b857d1dd8354d1b483c47ea0f0ec6470fc0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template sends a single unauthenticated GET request for /wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt. It reports a match only when all three matchers hold at once: the response status is 200, the response is served as text/plain, and the body contains every one of the strings "Website Malware Scan Report", "Scanned Website" and "Scan type". Requiring all three keeps a WordPress soft-404 page (a 200 with an HTML body) from being flagged. A match means the detailed scan log is readable by anyone who knows the path; the fix is to update the plugin to 3.4.2.1 or later. Run the template with Nuclei:
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-6065.yaml"
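The following is an added example, not code from the template, from ProjectDiscovery or from Quttera. It reimplements the template's request and its three matchers in plain Python so the AND logic can be exercised offline against constructed responses before pointing it at a real host. The path and the three body strings are taken from the template; the function names, the User-Agent string and the sample response bodies (in particular the "Scanned file:" line, which the page does not show) are assumptions made for the example.

```python
"""Offline reimplementation of the CVE-2023-6065 Nuclei template's
request and matcher logic (added example, not part of the template)."""
import sys
import urllib.error
import urllib.request

# Path and strings taken directly from the template's http section.
REPORT_PATH = "/wp-content/plugins/quttera-web-malware-scanner/quttera_wp_report.txt"
BODY_WORDS = ("Website Malware Scan Report", "Scanned Website", "Scan type")


def report_url(base_url: str) -> str:
    """Equivalent of {{BaseURL}} joined with the template's single path entry."""
    return base_url.rstrip("/") + REPORT_PATH


def matches(status: int, headers: dict, body: str) -> bool:
    """Apply the template's three matchers with matchers-condition: and.

    - word matcher on body, condition: and -> every string must appear
    - word matcher on header -> "text/plain" must appear in the raw headers
    - status matcher -> status must be exactly 200
    Nuclei word matchers are case-sensitive unless case-insensitive: true
    is set, so plain substring tests reproduce the template's behaviour.
    """
    body_ok = all(word in body for word in BODY_WORDS)
    raw_headers = "\r\n".join(f"{name}: {value}" for name, value in headers.items())
    header_ok = "text/plain" in raw_headers
    status_ok = status == 200
    return body_ok and header_ok and status_ok


def fetch(url: str, timeout: float = 10.0):
    """GET the URL and return (status, headers, body), including for 4xx/5xx,
    so the matcher sees the real status code instead of an exception."""
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2023-6065-check"})  # assumed UA
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items()), resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers.items()), err.read(65536).decode("utf-8", "replace")


def check(base_url: str, timeout: float = 10.0) -> bool:
    """True when the target serves the scan report exactly as the template flags it."""
    try:
        status, headers, body = fetch(report_url(base_url), timeout)
    except (urllib.error.URLError, OSError):
        return False  # an unreachable host is not a finding
    return matches(status, headers, body)


# Constructed sample responses (not captured from any real site) showing how
# the AND condition separates a genuine exposure from look-alike replies.
SAMPLE_EXPOSED = (
    200,
    {"Content-Type": "text/plain; charset=UTF-8"},
    "Website Malware Scan Report\nScanned Website: example.test\nScan type: full\n"
    "Scanned file: /var/www/html/wp-content/themes/x/functions.php\n",  # assumed line
)
# WordPress soft 404: status 200, but HTML and none of the report strings.
SAMPLE_SOFT_404 = (200, {"Content-Type": "text/html; charset=UTF-8"},
                   "<html><body>Page not found</body></html>")
# All three strings present but served as HTML: the header matcher fails.
SAMPLE_HTML_WRAPPED = (200, {"Content-Type": "text/html"},
                       "<pre>Website Malware Scan Report Scanned Website Scan type</pre>")
# Patched install or web-server rule denying the file: the status matcher fails.
SAMPLE_FORBIDDEN = (403, {"Content-Type": "text/plain"}, "Forbidden")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} https://target.example")
    print("vulnerable" if check(sys.argv[1]) else "not detected")
```

Running the script against a live host only confirms that the file is reachable without authentication, which is all the template itself proves; if it matches, treat the report contents as already disclosed and update the plugin to 3.4.2.1 or later.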