WordPress Malware Scanner Plugin Vulnerability – Fix Now

by Anika Shah - Technology

Critical Security Flaw Discovered in Malcure Malware Scanner Plugin

A recently identified vulnerability in the Malcure Malware Scanner plugin for WordPress poses an important risk to website security. Security firm Wordfence has issued an advisory detailing the flaw, assigning it a severity rating of 8.1 out of 10 – indicating a high level of potential danger. As of mid-July 2025, a security patch remains unavailable, leaving affected sites exposed.

Understanding the Vulnerability: Arbitrary File Deletion

The vulnerability allows authenticated attackers to delete arbitrary files on a WordPress installation. It stems from a missing capability check in the wpmrdeletefile() function. Exploitation requires the attacker to be logged in, but the concerning aspect is that only “subscriber” level access – the default role granted to registered users on many WordPress sites – is needed.

According to Wordfence’s analysis[1], successful exploitation could lead to remote code execution; however, this is contingent on “advanced mode” being enabled on the affected website.
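As an added illustration of the root cause (this is not the plugin's own code; the function, action and directory names are hypothetical), a WordPress AJAX file-deletion handler with the capability check missing, beside a hardened version that checks the capability, verifies a nonce and confines the target path:

```php
<?php
// Added illustration, not the Malcure plugin's code. Names are hypothetical.

// VULNERABLE PATTERN: wp_ajax_* handlers are reachable by any logged-in user
// (including subscribers), so with no capability check, no nonce and no path
// restriction, any authenticated user can delete whatever path they supply.
function example_delete_file_unchecked() {
    $file = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    if ( $file && file_exists( $file ) ) {
        unlink( $file ); // missing current_user_can(), nonce and path checks
    }
    wp_send_json_success();
}

// HARDENED PATTERN: require an administrator-level capability, verify a nonce,
// and only allow deletion inside a fixed directory owned by the plugin.
function example_delete_file_checked() {
    // Capability check: wp_send_json_error() terminates the request.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions.', 403 );
    }
    // CSRF protection: dies if the nonce is missing or invalid.
    check_ajax_referer( 'example_delete_file_nonce', 'nonce' );

    $allowed_dir = realpath( WP_CONTENT_DIR . '/uploads/example-quarantine' );
    $requested   = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
    // basename() strips directory components; realpath() resolves ".." and symlinks.
    $target = realpath( $allowed_dir . '/' . basename( $requested ) );

    // Reject anything that does not resolve to a file inside the allowed directory.
    if ( false === $allowed_dir || false === $target
        || 0 !== strpos( $target, $allowed_dir . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'Invalid file.', 400 );
    }
    if ( ! unlink( $target ) ) {
        wp_send_json_error( 'Deletion failed.', 500 );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_delete_file', 'example_delete_file_checked' );
```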

Scope of the Problem & Current Status

Over 10,000 WordPress websites currently have the vulnerable Malcure Malware Scanner plugin installed, making this a widespread concern. Given that WordPress powers over 43% of all websites on the internet as of early 2024 (according to Statista), even a relatively small percentage of compromised sites could represent a substantial security incident.

Currently, the Malcure plugin has been temporarily removed from the official WordPress repository while the issue undergoes review. This prevents new installations, but does not address the risk to existing users.

Mitigation Strategies & Recommendations

Given the lack of an immediate patch, website administrators using the Malcure Malware Scanner plugin should take swift action to mitigate potential risks. The most effective solution is to uninstall the plugin until a secure update is released.

Beyond uninstalling, consider these proactive steps:

Review User Permissions: Audit user roles and permissions, limiting subscriber access where possible.
Monitor File Integrity: Implement a file integrity monitoring system to detect unauthorized file modifications.
Regular Backups: Ensure recent and reliable website backups are in place for rapid restoration in case of compromise.
Security Audits: Conduct regular security audits to identify and address potential vulnerabilities across your WordPress installation.
