Recent Vulnerabilities in WordPress Plugins: Malware Scanner Issues

Edward Zhou
Edward Zhou

CEO & Co-Founder

 
July 16, 2025
3 min read

WordPress Malware Scanner Plugin Contains Vulnerability

The Malcure Malware Scanner plugin has been identified with a high-severity vulnerability, rated at 8.1, and is currently shut down in the WordPress repository. This vulnerability allows authenticated attackers to delete arbitrary files due to a missing capability check on the wpmr_delete_file() function.

WordPress Malware Scanner Plugin Contains Vulnerability

Image courtesy of Search Engine Journal

The plugin has over 10,000 installations. Despite requiring user authentication for exploitation, the risk remains significant as it only necessitates subscriber-level access, the lowest level on WordPress sites.

According to Wordfence, "This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible."

Users are advised to uninstall the plugin immediately as there is no known patch available.

Malcure Plugin Screenshot

Malcure Plugin At WordPress Repository

Image courtesy of Search Engine Journal

Malware Scanner Plugin Vulnerabilities

The Malware Scanner WordPress plugin prior to version 4.5.2 does not sanitize and escape its settings, leading to potential Cross-Site Scripting (XSS) attacks. Malicious users with administrator privileges can store harmful Javascript code, especially when unfiltered_html is disallowed, such as in multisite setups.

CVE Details

  • CVE ID: CVE-2022-1995
  • Severity: Moderate
  • CVSS Score: 4.8/10
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High

For more details, visit CVE-2022-1995 and the WPScan Vulnerability.

Recent Vulnerable WordPress Plugins

Vulnerable plugins have been a significant cause of attacks on WordPress sites, accounting for about 55.9% of all hacking incidents. Users are encouraged to keep their plugins updated to mitigate risks.

Duplicator – WordPress Migration Plugin

The Duplicator plugin, used for site migration and backups, has faced an arbitrary file download vulnerability. Attackers could exploit this flaw to access and download sensitive files. A critical update was released in version 1.3.28 and Duplicator Pro Version 3.8.71.

ThemeGrill Demo Importer

This plugin allows users to import themes and content. A vulnerability allows hackers to take control of admin accounts. A patch was issued in version 1.6.3.

Profile Builder Plugin

A flaw in this plugin allowed unauthorized admin account registrations, impacting all versions up to 3.1.0. Users must update to version 3.1.1 for security.

Flexible Checkout Fields for WooCommerce

This plugin, which customizes checkout fields, had vulnerabilities that enabled malicious code injection. Updates were released in versions 2.3.2 and 2.3.3.

Async JavaScript

The Async JavaScript plugin faced a vulnerability allowing remote code execution attacks. The latest secure version is 2.20.03.01.

For additional details on the vulnerabilities, visit the blog on MalCare.

Malware Removal Strategies

If you suspect a malware infection, consider using tools like Wordfence for scanning and cleaning your site. Some recommended practices include:

  • Regularly update plugins and themes.
  • Change file permissions appropriately.
  • Disable XML-RPC API.
  • Use strong passwords and avoid common usernames.

If your site has been compromised, it's essential to remove any malware and secure your site against future attacks. For assistance, check out Malware Removal Services.

By following these steps, you can significantly reduce the risk of your WordPress site being compromised.

Edward Zhou
Edward Zhou

CEO & Co-Founder

 

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.

Related News

NIST Standards Drive 2026 Mandates for Securing AI Infrastructure and Model Context Protocol Deployments
NIST AI Risk Management Framework

NIST Standards Drive 2026 Mandates for Securing AI Infrastructure and Model Context Protocol Deployments

Prepare for 2026 NIST AI mandates. Learn how to secure autonomous agents and Model Context Protocol (MCP) deployments against evolving enterprise security threats.

By Alan V Gutnov June 11, 2026 6 min read
common.read_full_article
Active Directory Certificate Services Now Supports Post-Quantum Cryptography for Windows Environments
Post-Quantum Cryptography AD CS

Active Directory Certificate Services Now Supports Post-Quantum Cryptography for Windows Environments

Microsoft adds Post-Quantum Cryptography (PQC) to AD CS. Learn how ML-DSA and hybrid key exchanges protect Windows environments against Harvest Now, Decrypt Later.

By Edward Zhou June 12, 2026 4 min read
common.read_full_article
Enterprises Face 2026 Deadline for NIST-Compliant Post-Quantum Cryptography Migration and Infrastructure Readiness
NIST post-quantum cryptography standards 2026

Enterprises Face 2026 Deadline for NIST-Compliant Post-Quantum Cryptography Migration and Infrastructure Readiness

Is your enterprise ready for the 2026 NIST PQC deadline? Learn how to mitigate Harvest Now, Decrypt Later threats and update your infrastructure to quantum-resistant standards.

By Brandon Woo June 10, 2026 7 min read
common.read_full_article
Cloud and Zero Trust Architecture Adoption Accelerate Modernization of Industrial Control Systems Security
industrial control systems zero trust

Cloud and Zero Trust Architecture Adoption Accelerate Modernization of Industrial Control Systems Security

Explore how Zero Trust Architecture and cloud adoption are transforming Industrial Control Systems (ICS) security to mitigate modern cyber threats.

By Alan V Gutnov June 9, 2026 4 min read
common.read_full_article