VulnerAlert



MALWARE
WORDPRESS
16-07-2025 04:20

CVE-2025-6043 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#site
#plugin
#malware
#exploit
#wp
#tools
#advanced
#deletion
#attackers
#authenticated
#arbitrary
#vulnerable
#scan
#remote
#exploitable
#execution
#attack
#access
Descripción
The Malcure Malware Scanner — #1 Toolset for WordPress Removal plugin is vulnerable to Arbitrary File Deletion due a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible authenticated attackers, with Subscriber-level access above, delete arbitrary files making remote code execution possible. only exploitable when advanced mode enabled site.
https://plugins.trac.wordpress.org/browser/wp-malware-removal/tags/16.8/wpmr.php#L4570
https://plugins.trac.wordpress.org/browser/wp-malware-removal/tags/16.8/wpmr.php#L6304
https://plugins.trac.wordpress.org/browser/wp-malware-removal/tags/16.8/wpmr.php#L6401
https://www.wordfence.com/threat-intel/vulnerabilities/id/d44fe4d7-1af5-4e26-a33c-43a9cce4174c?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-6043
Resultados similares
Coincidentes en almenos en 50% de los tags
16-07-2025 CVE-2025-5284
The Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Condition...
Ver información
16-07-2025 CVE-2025-7359
The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file ...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por