cleantalk
Vulnerabilities and Security Researches

NinjaScanner – Virus & Malware scan, CVE-2025-8213

CVE, Research URL

CVE-2025-8213

Home page URL

Security reports for NinjaScanner – Virus & Malware scan

Application

NinjaScanner – Virus & Malware scan

Published on
Jul 31, 2025
Research Description
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.
Affected versions
Min -, max 3.2.6.
Status
vulnerable
Previous vulnerability researches
Responsive Filterable Portfolio (CVE-2019-25221) , Dec 14, 2024
Responsive Filterable Portfolio (CVE-2023-2119) , Jun 07, 2024
Responsive Filterable Portfolio (CVE-2024-51785) , Nov 08, 2024
New vulnerability
Ocean Social Sharing (CVE-2025-7500) , Aug 02, 2025
Stratum – Elementor Widgets (CVE-2025-7845) , Aug 02, 2025
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security (CVE-2025-6722) , Aug 02, 2025
ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization (CVE-2025-6626) , Aug 02, 2025
Qi Addons For Elementor (CVE-2025-8146) , Aug 02, 2025