{"id":8318,"date":"2025-07-18T02:47:23","date_gmt":"2025-07-18T02:47:23","guid":{"rendered":"http:\/\/localhost\/?p=8318"},"modified":"2025-07-18T02:47:23","modified_gmt":"2025-07-18T02:47:23","slug":"malcure-malware-scanner-1-toolset-for-wordpress-malware-removal-168-missing-authorization-to-authent","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8318","title":{"rendered":"Malcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nMalcure Malware Scanner \u2014 #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-18T06:45:32.423Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-18T06:45:32.423Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nmalcure<\/td>\n<\/tr>\n
Product<\/th>\nMalcure Malware Scanner \u2014 #1 Toolset for Malware Removal<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n6.5 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe Malcure Malware Scanner WordPress plugin is vulnerable to Arbitrary File Read, allowing authenticated attackers with subscriber access or higher to read arbitrary files on the server, potentially exposing sensitive information.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
AI Product<\/th>\nMalcure Malware Scanner<\/td>\n<\/tr>\n
AI Version<\/th>\n16.8<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n