cleantalk
Vulnerabilities and Security Researches

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal, CVE-2025-6043

CVE, Research URL

CVE-2025-6043

Home page URL

Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Application

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Published on
Jul 16, 2025
Research Description
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.
Affected versions
Min -, max 17.1.
Status
vulnerable
Previous vulnerability researches
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin (CVE-2025-48150) , Jul 18, 2025
New vulnerability
Vchasno Kasa (CVE-2025-6720) , Jul 19, 2025
Vchasno Kasa (CVE-2025-6721) , Jul 19, 2025
Media Library Assistant (CVE-2025-7035) , Jul 19, 2025
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025