CVE-2025-7772 – This vulnerability in the Malcure Malware Scann... (How to Fix)

Q: What is the severity of CVE-2025-7772?

CVE-2025-7772 has a CVSS score of 6.5 (MEDIUM). This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated attackers with subscriber-level access or higher to read arbitrary files on the server. The flaw exists in the wpmr_inspect_file() function which lacks proper capability checks, potentially exposing sensitive information like configuration files, credentials, or database contents. All WordPress sites using this plugin up to version 16.8 are affected.

📋 TL;DR

This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated attackers with subscriber-level access or higher to read arbitrary files on the server. The flaw exists in the wpmr_inspect_file() function which lacks proper capability checks, potentially exposing sensitive information like configuration files, credentials, or database contents. All WordPress sites using this plugin up to version 16.8 are affected.

💻 Affected Systems

Products:

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Versions: All versions up to and including 16.8

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin enabled and at least one authenticated user account (subscriber or higher).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain access to sensitive files like wp-config.php containing database credentials, SSH keys, or other configuration files, leading to complete site compromise and potential lateral movement to other systems.

🟠

Likely Case

Attackers exfiltrate sensitive configuration files, database credentials, or other site data, potentially enabling further attacks or data theft.

🟢

If Mitigated

With proper access controls and monitoring, unauthorized file access attempts are detected and blocked before sensitive data is exposed.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once an attacker has valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 16.8

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3309451%40wp-malware-removal&new=3309451%40wp-malware-removal&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Malcure Malware Scanner' and check if update is available. 4. Click 'Update Now' or manually update to version after 16.8. 5. Verify plugin is updated to latest version.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable the Malcure Malware Scanner plugin until patched

wp plugin deactivate wp-malware-removal

Restrict user capabilities

all

Remove file read capabilities from subscriber and other low-privilege roles

wp role reset subscriber
wp cap remove subscriber read

🧯 If You Can't Patch

Disable the Malcure Malware Scanner plugin immediately
Implement strict access controls and monitor for suspicious file read attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for Malcure Malware Scanner version 16.8 or earlier

Check Version:

wp plugin get wp-malware-removal --field=version

Verify Fix Applied:

Verify plugin version is higher than 16.8 in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in WordPress or web server logs
Multiple requests to wpmr_inspect_file endpoint from single user
Access attempts to sensitive files like wp-config.php

Network Indicators:

Outbound transfers of large configuration files
Unusual data exfiltration patterns

SIEM Query:

source="wordpress" AND (uri_path="*wpmr_inspect_file*" OR file_access="wp-config.php")

📊 Metadata

CVE ID: CVE-2025-7772

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-862

EPSS Score: 0.04% exploit probability (12.9th percentile)

Published: July 18, 2025

Last Updated: July 22, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-7772, you might also want to check these: