cleantalk
Vulnerabilities and Security Researches

NinjaScanner – Virus & Malware scan, CVE-2025-8213

CVE, Research URL

CVE-2025-8213

Home page URL

Security reports for NinjaScanner – Virus & Malware scan

Application

NinjaScanner – Virus & Malware scan

Published on
Jul 31, 2025
Research Description
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.
Affected versions
Min -, max 3.2.6.
Status
vulnerable
Previous vulnerability researches
Salon booking system (CVE-2025-31560) , Apr 04, 2025
Salon booking system (CVE-2024-37231) , Jun 25, 2024
Salon booking system (CVE-2022-4974) , Nov 15, 2024
Salon booking system (CVE-2024-9882) , Nov 17, 2024
Salon booking system (CVE-2024-4468) , Jun 10, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-7646) , Aug 02, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7205) , Aug 02, 2025
Elementor Header & Footer Builder (CVE-2025-8488) , Aug 02, 2025
Ocean Social Sharing (CVE-2025-7500) , Aug 02, 2025
Stratum – Elementor Widgets (CVE-2025-7845) , Aug 02, 2025