Wordfence printed an advisory on the WordPress Malcure Malware Scanner plugin, which was found to have a vulnerability rated at a severity stage of 8.1. On the time of publishing, there isn’t any patch to repair the issue.
Screenshot Displaying 8.1 Severity Score
Malcure Malware Scanner Vulnerability
The Malcure Malware Scanner plugin, put in on over 10,000 WordPress web sites, is susceptible to “Arbitrary File Deletion as a result of a lacking functionality test on the wpmr_delete_file() perform” by authenticated attackers. The truth that an attacker wants authentication as a consumer makes it rather less seemingly for it to be exploited, nonetheless not by a lot as a result of it solely requires subscriber stage authentication, which is the bottom stage of authentication. The “subscriber” function is the default stage of registration on a WordPress web site (if registration is allowed).
In response to Wordfence:
“This makes it attainable for authenticated attackers, with Subscriber-level entry and above, to delete arbitrary information making distant code execution attainable. That is solely exploitable when superior mode is enabled on the location.”
There isn’t any recognized patch accessible for the plugin and customers are cautioned to take needed actions resembling uninstalling the plugin to mitigate threat.
The plugin is presently unavailable for obtain with a discover exhibiting that it’s beneath overview.
Screenshot Of Malcure Plugin At WordPress Repository
Learn Extra WordPress Information
WordPress Replace 6.8.2 – Ends Safety Help For 0.9% of Websites
Featured Picture by Shutterstock/Kues
