Vulnerabilities and security researches formalcare-security malcare-security

Jun 07, 2024

CVE, Research URL: fd2a15caa8a8f2727f6a5c0569ecbd735696d652
Home page URL: Security reports for MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall
Application: MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall
Date: May 05, 2021
Research Description: MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall [malcare-security] < 4.58 WordPress MalCare Security plugin <= 4.57 - Authenticated Cross-Site Scripting (XSS) vulnerability Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Lenon Leite in WordPress MalCare Security plugin (versions <= 4.57).
Affected versions: max 4.58.
Status: vulnerable

Mar 27, 2026

PSC, Research URL: PSC-2026-64632
Home page URL: Security reports for MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall
Application: MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall
Date: Mar 27, 2026
Research Description: Security plugins are uniquely sensitive in WordPress because they operate with high privilege, touch authentication and request filtering, and often integrate with external scanning and firewall services. If access control, request integrity, or output handling is weak, attackers may force configuration changes via CSRF, abuse endpoints to leak site security metadata, or inject malicious content into admin-facing reports. MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall version 6.39 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64632, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WordPress security and monitoring plugins.
Affected versions: Min 6.39, max 6.39.
Status: SAFE & CERTIFIED