cleantalk
Vulnerabilities and Security Researches

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal, CVE-2025-6043

CVE, Research URL

CVE-2025-6043

Home page URL

Security reports for Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Application

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Published on
Jul 16, 2025
Research Description
The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.
Affected versions
max 17.1.
Status
vulnerable
Previous vulnerability researches
Super Simple Subscriptions (CVE-2025-30523) , Mar 26, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026