CVE-2025-8213 – NinjaScanner WordPress File Deletion Vulnerability

CVE ID : CVE-2025-8213

Published : July 31, 2025, 1:15 p.m. | 17 minutes ago

Description : The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘nscan_ajax_quarantine’ and ‘nscan_quarantine_select’ functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…