cleantalk
Vulnerabilities and Security Researches

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal, CVE-2025-6043

CVE, Research URL

CVE-2025-6043

Home page URL

Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Application

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Published on
Jul 16, 2025
Research Description
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.
Affected versions
Min -, max 17.1.
Status
vulnerable
Previous vulnerability researches
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1620) , Mar 14, 2025
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025