{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7772", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-17T17:27:25.125Z", "datePublished": "2025-07-18T06:45:32.423Z", "dateUpdated": "2026-04-08T16:37:41.763Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:41.763Z"}, "affected": [{"vendor": "malcure", "product": "Malcure Malware Shield \u2014 Removal, Repair, Monitor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "16.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "timeline": [{"time": "2025-06-12T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-18T13:57:17.911166Z", "id": "CVE-2025-7772", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T13:59:12.195Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7772", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-18T13:57:17.911166Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-18T13:59:06.168Z"}}], "cna": {"title": "Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "malcure", "product": "Malcure Malware Shield \u2014 Removal, Repair, Monitor", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "16.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-12T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:41.763Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7772", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:37:41.763Z", "dateReserved": "2025-07-17T17:27:25.125Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-18T06:45:32.423Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal de WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 16.8 incluida, a trav\u00e9s de la funci\u00f3n wpmr_inspect_file(), debido a la falta de una comprobaci\u00f3n de capacidad. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-7772", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-18T07:15:28.280", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18ce05fa-0b10-4796-9e78-03e653b862da?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:05:41.988608+00:00", "value": {"mitigation_remediation": ["Apply any vendor\u2011issued patch or update for Malcure Malware Shield as soon as it becomes available.", "Limit the scope of the plugin\u2019s inspect function by configuring file path restrictions or setting the plugin to operate only within trusted directories.", "Monitor WordPress logs for unusual file\u2011inspection activity and review user permissions to ensure only trusted users maintain subscriber or higher roles."], "summary": {"action": "Apply Fix", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "Any WordPress site that has the Malcure Malware Shield plugin installed at version 16.8 or earlier is vulnerable. The issue exists across all WordPress core versions and does not depend on site configuration beyond the presence of the affected plugin.", "description_and_impact": "The Malcure Malware Shield plugin for WordPress contains a missing capability check in its wpmr_inspect_file() function. This flaw allows any authenticated user who holds at least subscriber-level permissions to request the contents of any file located on the server through the plugin\u2019s interface. The vulnerability can expose sensitive configuration files, credentials, or other confidential data, compromising the confidentiality of the site and potentially the integrity of the host environment.", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate severity, while an EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog. Attackers need only authenticated subscriber or higher privileges, which are common in logged\u2011in users, to trigger the file read. Once the attacker can supply an arbitrary file path via the vulnerable function, the plugin returns the file contents, potentially leaking sensitive information."}}}}, "created": "2025-07-21T15:17:12.879443+00:00", "updated": "2026-04-22T17:15:22.197412+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}