Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal 16.9

  • Severity: high-risk
  • Status: Fixed
  • Publication: July 15, 2025

The Malcure Malware Scanner is a popular plugin for WordPress that helps remove malicious software. However, it has a vulnerability that allows attackers to delete files on a website. This can lead to remote code execution, meaning the attacker can control the website from a remote location. This vulnerability affects all versions up to 16.8 and can only be exploited if “advanced mode” is enabled on the website.

Detected in:

Malcure Malware Scanner — #1 Toolset for Malware Removal fixed vulnerable versions:
Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal fixed vulnerable versions: >= * <= 17.0
Malcure Malware Scanner — Advanced Toolset for Malware Removal fixed vulnerable versions:
Malcure Malware Scanner — Advanced Virus and Infection Cleanup fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.