CVE-2025-6043 – WordPress Malware Removal Plugin File Deletion Arbitrary File Deletion Vulnerability

CVE ID : CVE-2025-6043

Published : July 16, 2025, 7:15 a.m. | 1 hour, 19 minutes ago

Description : The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…