Vulnerabilities and security researches forwp-malware-removal wp-malware-removal

Jul 19, 2025

CVE, Research URL: CVE-2025-6043
Home page URL: Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Application: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Date: Jul 16, 2025
Research Description: The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.
Affected versions: Min -, max -.
Status: vulnerable

Jun 14, 2025

CVE, Research URL: 24596766a0adccfc0371fdbefc213380e7bbc7c5
Home page URL: Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Application: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal
Date: Jun 13, 2025
Research Description: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal [wp-malware-removal] < 16.9 WordPress Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal Plugin <= 16.8 is vulnerable to Broken Access Control WordPress Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal Plugin <= 16.8 is vulnerable to Broken Access ControlSoftware: Malcure Malware Scanner — #1 Toolset for WordPress Malware RemovalFixed in version 16.9 Affected Version <= 16.8
Affected versions: Min -, max -.
Status: vulnerable