cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwp-malware-removal wp-malware-removal

Direction: ascending
Jun 14, 2025

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal # 24596766a0adccfc0371fdbefc213380e7bbc7c5

CVE, Research URL

24596766a0adccfc0371fdbefc213380e7bbc7c5

Home page URL

Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Application

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Date
Jun 13, 2025
Research Description
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal [wp-malware-removal] < 16.9 WordPress Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal Plugin <= 16.8 is vulnerable to Broken Access Control <p>WordPress Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal Plugin <= 16.8 is vulnerable to Broken Access Control</p><p>Software: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal</p><p>Fixed in version 16.9 </p><p>Affected Version <= 16.8</p>
Affected versions
max 16.9.
Status
vulnerable
Jul 19, 2025

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal # CVE-2025-6043

CVE, Research URL

CVE-2025-6043

Home page URL

Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Application

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Date
Jul 16, 2025
Research Description
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.
Affected versions
max 17.1.
Status
vulnerable