CVE-2025-7772
BaseFortify
Publication date: 2025-07-18
Last updated on: 2025-07-22
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| malcure | malware_scanner | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Malcure Malware Scanner WordPress plugin allows authenticated users with subscriber-level access or higher to read arbitrary files on the server. It occurs because the function wpmr_inspect_file() lacks proper capability checks, enabling these users to access sensitive file contents without authorization. [1]
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information stored on the server by allowing attackers with low-level access to read arbitrary files. This could expose confidential data, configuration files, or other critical information, potentially leading to further exploitation or data breaches. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards like GDPR and HIPAA because it risks unauthorized access to sensitive personal or protected health information. Such data exposure could lead to violations of data protection requirements and result in legal and financial penalties. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can check if your WordPress site is running the Malcure Malware Scanner plugin version 16.8 or earlier, which is vulnerable. There are no specific network detection commands provided, but you can verify the plugin version via WordPress admin or by running commands like `wp plugin list` if WP-CLI is installed. Additionally, monitoring for unauthorized AJAX requests to endpoints such as `wpmr_inspect_file` could indicate exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Malcure Malware Scanner plugin to version 16.9 or later, which includes fixes for this vulnerability by enforcing strict capability checks and nonce verification on AJAX endpoints. Until the update is applied, restrict access to the plugin's AJAX endpoints and ensure only trusted users have subscriber-level or higher access. [1]
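As an added illustration of the hardened pattern the fix describes (this is not code from the Malcure Malware Scanner plugin), a WordPress AJAX handler that verifies a nonce, enforces a capability check, and confines the requested path before reading a file. The hook name, nonce action and capability are hypothetical choices made for this example.

```php
<?php
// Added illustration of the hardened pattern, not code from Malcure Malware Scanner.
// Hook name, nonce action and capability are hypothetical choices for this example.
add_action( 'wp_ajax_example_inspect_file', 'example_inspect_file_handler' );

function example_inspect_file_handler() {
    // 1. CSRF protection: the request must carry a nonce tied to this action.
    //    check_ajax_referer() sends a 403 and stops execution when it fails.
    check_ajax_referer( 'example_inspect_file_nonce', 'nonce' );

    // 2. Authorization (the check CWE-862 describes as missing): only users who
    //    may manage the site can inspect files; a subscriber fails this test.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Input handling: unslash and sanitize the user-supplied path.
    $requested = isset( $_POST['path'] ) ? sanitize_text_field( wp_unslash( $_POST['path'] ) ) : '';

    // 4. Path confinement: resolve symlinks and '..' and require the result to
    //    stay inside the WordPress root, so the handler cannot read arbitrary files.
    $root = realpath( ABSPATH );
    $real = realpath( $root . DIRECTORY_SEPARATOR . ltrim( $requested, '/\\' ) );
    if ( false === $real || 0 !== strpos( $real, $root . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( array( 'message' => 'Path not allowed.' ), 400 );
    }

    if ( ! is_file( $real ) || ! is_readable( $real ) ) {
        wp_send_json_error( array( 'message' => 'File not found.' ), 404 );
    }

    // Only reached by an authorized user, with a valid nonce, for a file under ABSPATH.
    wp_send_json_success( array(
        'path'    => $requested,
        'content' => file_get_contents( $real ),
    ) );
}
```

The capability check in step 2 is the control whose absence the CVE record describes; the nonce and path confinement are the additional controls a file-inspection endpoint needs even after authorization is fixed.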