Wordfence printed an advisory on the WordPress Malcure Malware Scanner plugin, which was found to have a vulnerability rated at a severity stage of 8.1. On the time of publishing, there isn’t any patch to repair the issue.
Screenshot Displaying 8.1 Severity Ranking
Malcure Malware Scanner Vulnerability
The Malcure Malware Scanner plugin, put in on over 10,000 WordPress web sites, is susceptible to “Arbitrary File Deletion because of a lacking functionality verify on the wpmr_delete_file() perform” by authenticated attackers. The truth that an attacker wants authentication as a consumer makes it rather less probably for it to be exploited, nonetheless not by a lot as a result of it solely requires subscriber stage authentication, which is the bottom stage of authentication. The “subscriber” position is the default stage of registration on a WordPress web site (if registration is allowed).
In line with Wordfence:
“This makes it attainable for authenticated attackers, with Subscriber-level entry and above, to delete arbitrary recordsdata making distant code execution attainable. That is solely exploitable when superior mode is enabled on the positioning.”
There isn’t a recognized patch accessible for the plugin and customers are cautioned to take obligatory actions corresponding to uninstalling the plugin to mitigate threat.
The plugin is presently unavailable for obtain with a discover exhibiting that it’s underneath evaluation.
Screenshot Of Malcure Plugin At WordPress Repository
Learn Extra WordPress Information
WordPress Replace 6.8.2 – Ends Safety Assist For 0.9% of Websites
Featured Picture by Shutterstock/Kues
