The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn’t restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site’s code
View the template here CVE-2023-6065.yaml
References:
https://wordpress.org/plugins/quttera-web-malware-scanner/