CVE-2023-6065: 
WordPress vulnerability analysis and mitigation

The Quttera Web Malware Scanner WordPress plugin before version 3.4.2.1 contains a security vulnerability that exposes detailed scan logs to unauthorized access. This vulnerability, identified as CVE-2023-6065, was discovered and disclosed in December 2023. The vulnerability affects all versions of the Quttera Web Malware Scanner plugin prior to version 3.4.2.1 (NVD, WPScan).

The vulnerability stems from insufficient access controls on scan log files, which allows malicious actors to access detailed scan logs. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability can be exploited over the network without requiring privileges or user interaction (NVD).

When exploited, this vulnerability allows attackers to discover local paths and portions of the site's code through exposed log files. The exposure of such sensitive information could potentially aid attackers in mapping the website's structure and identifying additional security weaknesses (WPScan).

The recommended mitigation is to update the Quttera Web Malware Scanner plugin to version 3.4.2.1 or later, which contains the security fix for this vulnerability (NVD).