Critical Vulnerability Found in WordPress Malware Scanner Plugin

Alan V Gutnov

Director of Strategy

 
July 16, 2025 2 min read

WordPress Malware Scanner Plugin Contains Vulnerability

Wordfence has rated a vulnerability in the Malcure Malware Scanner plugin as high severity, with a score of 8.1. The plugin, which is installed on over 10,000 WordPress websites, is susceptible to “Arbitrary File Deletion” because the wpmr_delete_file() function is missing a capability check. An authenticated attacker needs only subscriber-level access to exploit the vulnerability, so it poses significant risks.


According to Wordfence, “This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.” There is currently no patch available, and users are advised to uninstall the plugin to mitigate risk.


The plugin is temporarily unavailable for download as it is under review due to this critical vulnerability.
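
For plugin developers, a file-deletion AJAX handler of the kind described above needs a nonce check, a capability check and path containment. The following is an added example, not the Malcure plugin's code; the action name, nonce name and quarantine directory are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, not Malcure's source.
// The action name, nonce name and quarantine directory are assumptions.

add_action( 'wp_ajax_example_delete_file', 'example_delete_file' );

function example_delete_file() {
    // 1. CSRF: reject requests that lack a valid nonce for this action.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    // 2. Authorization: wp_ajax_* hooks fire for every logged-in user,
    //    subscribers included, so the handler must check a capability itself.
    //    This is the kind of check the advisory reports as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }

    // 3. Input: accept only a string value.
    $requested = ( isset( $_POST['file'] ) && is_string( $_POST['file'] ) )
        ? wp_unslash( $_POST['file'] )
        : '';

    // 4. Containment: resolve symlinks and "../" segments, then require the
    //    result to be a regular file inside one directory the plugin owns.
    $base   = realpath( WP_CONTENT_DIR . '/uploads/example-quarantine' );
    $target = realpath( $requested );
    if ( false === $base || false === $target || ! is_file( $target )
        || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'File is outside the allowed directory.', 400 );
    }

    wp_delete_file( $target );
    wp_send_json_success( array( 'deleted' => ! file_exists( $target ) ) );
}
```

The capability check alone closes the subscriber-level path; the containment step limits the damage if an administrator account or a later code change reaches the handler with an unexpected path.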

Additional WordPress Vulnerabilities

Another notable vulnerability affects the Malware Scanner WordPress plugin before version 4.5.2, which fails to sanitize and escape some of its settings. This allows Cross-Site Scripting (XSS) attacks even when unfiltered_html is disallowed, particularly in multisite setups.

Severity and References

CVSS Score

  • Overall Score: 4.8 / 10
  • Attack Vector: Network
  • Privileges Required: High

Best Practices for WordPress Vulnerability Scanners

Utilizing a WordPress vulnerability scanner is essential for maintaining site security. These tools alert users to known vulnerabilities in the WordPress core, plugins, or themes. It is crucial to regularly update vulnerable plugins and themes to avoid potential security breaches.

Recommended Scanners

  1. MalCare
     • Test results: Great
     • Price: Free
     • Detects a wide range of vulnerabilities, including SQL injection and XSS.
     • More information can be found at MalCare.
  2. Patchstack
     • Test results: Great
     • Price: Free
     • Flags vulnerabilities and provides guidance on severity.
  3. WPScan
     • Test results: Great
     • Price: Free for 25 scans a day.
     • One of the most comprehensive vulnerability scanners available.
  4. Wordfence
     • Test results: Very Good
     • Price: Free
     • A popular security plugin that flags vulnerabilities effectively.
  5. Defender
     • Test results: Average
     • Price: Free
     • Provides a good overview of vulnerabilities but may miss some obscure ones.
  6. Sucuri
     • Test results: Bad
     • Price: Free
     • Limited vulnerability detection; primarily offers a list of available updates.

For a detailed comparison of various WordPress vulnerability scanners, including their test results, features, and pricing, visit MalCare.

Handling Detected Vulnerabilities

When a vulnerability is flagged, it is crucial to act quickly. Users should update their site, particularly if the issue is with a smaller plugin or theme. For larger plugins, testing updates in a staging environment is advisable to prevent disruptions on the live site.

For further assistance with website security and to explore comprehensive protection solutions, consider visiting Gopher Security.
