CVE-2025-8013

Name of the Vulnerable Software and Affected Versions: Quttera Web Malware Scanner for WordPress versions up to and including 3.5.1.41

Description: The Quttera Web Malware Scanner plugin for WordPress is susceptible to Server-Side Request Forgery via the RunExternalScan function. Authenticated attackers with Administrator-level access or higher can leverage this issue to make web requests to arbitrary locations originating from the web application, potentially allowing them to query and modify information from internal services.

Recommendations: Versions prior to 3.5.1.42 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.