cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for malcare-security

Mar 27, 2026

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall # PSC-2026-64632

PSC, Research URL

PSC-2026-64632

Date
Mar 27, 2026
Research Description
Security plugins are uniquely sensitive in WordPress because they operate with high privilege, touch authentication and request filtering, and often integrate with external scanning and firewall services. If access control, request integrity, or output handling is weak, attackers may force configuration changes via CSRF, abuse endpoints to leak site security metadata, or inject malicious content into admin-facing reports. MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall version 6.39 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64632, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WordPress security and monitoring plugins.
Affected versions
Min 6.39, max 6.39.
Status
SAFE & CERTIFIED
Jun 07, 2024

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall # fd2a15caa8a8f2727f6a5c0569ecbd735696d652

Date
May 05, 2021
Research Description
MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall [malcare-security] < 4.58. WordPress MalCare Security plugin <= 4.57 - Authenticated Cross-Site Scripting (XSS) vulnerability. Authenticated Cross-Site Scripting (XSS) vulnerability discovered by Lenon Leite in WordPress MalCare Security plugin (versions <= 4.57).
Affected versions
max 4.58.
Status
vulnerable