CVE-2025-6043: CWE-862 Missing Authorization in malcure Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Severity: High
Tags: Vulnerability, CVE-2025-6043, CWE-862
Published: Wed Jul 16 2025 (07/16/2025, 06:40:42 UTC)
Source: CVE Database V5
Vendor/Project: malcure
Product: Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal

Description

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function in all versions up to, and including, 16.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, making remote code execution possible. This is only exploitable when advanced mode is enabled on the site.

AI-Powered Analysis

Last updated: 07/16/2025, 07:01:33 UTC

Technical Analysis

CVE-2025-6043 is a high-severity vulnerability affecting the Malcure Malware Scanner plugin for WordPress, a widely used toolset for malware removal. The vulnerability arises from a missing authorization check (CWE-862) in the wpmr_delete_file() function, which is responsible for deleting files: the plugin does not verify that the calling user holds the necessary capability before performing the deletion. As a result, any authenticated user with Subscriber-level access or higher can delete arbitrary files on the server. Exploitability is conditional on the WordPress site having the plugin's advanced mode enabled, which exposes the vulnerable functionality. Arbitrary file deletion can in turn enable remote code execution (RCE), since removing critical files can leave the site in a state that an attacker can abuse to run code. The vulnerability affects all versions of the plugin up to and including version 16.8. The CVSS v3.1 base score is 8.1, reflecting a network attack vector, low attack complexity, low privileges required (an authenticated user) and no user interaction; the impact on integrity and availability is high, while the confidentiality impact is none. No known exploits are currently reported in the wild, but the nature of the flaw and the ease of exploitation make it a significant risk for WordPress sites running this plugin with advanced mode enabled.
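The pattern behind a CWE-862 finding like this one is easiest to see side by side. The following is an added, illustrative WordPress AJAX handler written for this page; it is not Malcure's code, and every function, action and parameter name in it (example_delete_file_vulnerable, example_delete_file_hardened, example_contained_path, the 'file' and 'nonce' request fields) is an assumption. The first handler performs the deletion with no capability check, so any account that can reach wp_ajax_* hooks (Subscriber and above) can invoke it. The second adds the three checks a reviewer would expect: a nonce, a capability check, and path containment.

```php
<?php
/*
 * Added example for CVE-2025-6043 / CWE-862 (missing authorization).
 * Hypothetical handler names; not the Malcure plugin's implementation.
 * Assumes a WordPress runtime (wp_unslash, current_user_can, etc. available).
 */

// --- Vulnerable pattern: any logged-in user reaches wp_ajax_* hooks, and
//     nothing here checks who is calling or what path they supplied.
function example_delete_file_vulnerable() {
    $file = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    if ( $file !== '' && file_exists( $file ) ) {
        unlink( $file ); // arbitrary path taken straight from the request
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_example_delete_file_vulnerable', 'example_delete_file_vulnerable' );

// --- Hardened pattern.
function example_delete_file_hardened() {
    // 1. CSRF: the request must carry a nonce issued for this exact action.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    // 2. Authorization (the check CWE-862 describes as missing): administrators only.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 ); // wp_send_json_error() exits
    }

    // 3. Path containment: only regular files under the uploads directory may be removed.
    $raw    = isset( $_POST['file'] ) ? wp_unslash( $_POST['file'] ) : '';
    $target = example_contained_path( $raw, wp_upload_dir()['basedir'] );
    if ( $target === null ) {
        wp_send_json_error( 'path outside allowed directory', 400 );
    }

    if ( ! unlink( $target ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => basename( $target ) ) );
}
add_action( 'wp_ajax_example_delete_file_hardened', 'example_delete_file_hardened' );

/**
 * Return the canonical path of $raw if it resolves to a regular file inside
 * $root, otherwise null. realpath() collapses "../" and symlinks, so the
 * prefix comparison is done on the resolved path, not the request string.
 * Pure PHP, so it can be unit-tested without WordPress.
 */
function example_contained_path( $raw, $root ) {
    $root_real = realpath( $root );
    $real      = ( $raw === '' ) ? false : realpath( $raw );
    if ( $root_real === false || $real === false || ! is_file( $real ) ) {
        return null;
    }
    $prefix = rtrim( $root_real, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    return strncmp( $real, $prefix, strlen( $prefix ) ) === 0 ? $real : null;
}
```

The client side of the hardened handler must send a nonce created with wp_create_nonce( 'example_delete_file' ); a request without it is rejected before any user-controlled value is touched. Note that the capability check alone would have closed the Subscriber-level issue described above, but without path containment an administrator account (or a compromised one) could still delete files anywhere the web server can write, which is why the two checks belong together.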

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those relying on WordPress for their web presence and using the Malcure Malware Scanner plugin. Exploitation could lead to unauthorized deletion of critical files, resulting in website downtime, data loss, and potential defacement. More critically, the ability to achieve remote code execution could allow attackers to deploy backdoors, steal sensitive data, or pivot within the network, compromising broader IT infrastructure. This is particularly concerning for sectors with strict data protection regulations such as GDPR, where data integrity and availability are paramount. The disruption of public-facing websites could damage organizational reputation and lead to financial losses. Additionally, attackers could leverage compromised sites as part of larger botnets or for phishing campaigns, amplifying the threat landscape. The requirement for only Subscriber-level access lowers the barrier for exploitation, as such accounts are common in multi-user WordPress environments, increasing the risk profile for European enterprises and institutions using this plugin.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should immediately audit their WordPress installations to identify the presence of the Malcure Malware Scanner plugin and verify if advanced mode is enabled. If so, disable advanced mode until a patch or update is available. Since no patch links are currently provided, organizations should monitor the vendor’s official channels for updates and apply them promptly once released. In the interim, restrict user roles and permissions rigorously, ensuring that only trusted users have Subscriber-level or higher access. Implement web application firewalls (WAFs) with rules to detect and block suspicious requests targeting the wpmr_delete_file() function or related endpoints. Conduct regular file integrity monitoring to detect unauthorized file deletions or modifications. Additionally, consider isolating WordPress instances in segmented network zones to limit lateral movement in case of compromise. Employ multi-factor authentication (MFA) for all user accounts to reduce the risk of credential compromise. Finally, maintain regular backups of website files and databases to enable rapid recovery from any destructive attacks.
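The file integrity monitoring recommended above can be implemented with very little code. The script below is an added example written for this page (not Malcure's or WordPress's own tooling); its function names (example_fim_snapshot, example_fim_diff) and its command-line interface are assumptions. It records a SHA-256 baseline of every file under a directory and, on a later run, reports files that were deleted, added or modified, with deletions of a small list of critical files flagged separately since those are the events most relevant to an arbitrary-file-deletion flaw.

```php
<?php
/*
 * Added example: minimal file-integrity baseline/compare for a WordPress root.
 * Hypothetical names; not part of any plugin. Plain PHP CLI, no WordPress needed.
 *
 *   php fim.php baseline /var/www/html /var/lib/fim/baseline.json
 *   php fim.php check    /var/www/html /var/lib/fim/baseline.json
 */

/** Map of relative path => sha256 for every regular file under $root. */
function example_fim_snapshot( string $root ): array {
    $root   = rtrim( $root, DIRECTORY_SEPARATOR );
    $hashes = array();
    $iter   = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $iter as $entry ) {
        if ( $entry->isFile() ) {
            $rel            = substr( $entry->getPathname(), strlen( $root ) + 1 );
            $hashes[ $rel ] = hash_file( 'sha256', $entry->getPathname() );
        }
    }
    ksort( $hashes );
    return $hashes;
}

/** Compare two snapshots; returns deleted/added/modified relative paths. */
function example_fim_diff( array $baseline, array $current ): array {
    $modified = array();
    foreach ( array_intersect_key( $baseline, $current ) as $path => $hash ) {
        if ( $current[ $path ] !== $hash ) {
            $modified[] = $path;
        }
    }
    return array(
        'deleted'  => array_keys( array_diff_key( $baseline, $current ) ),
        'added'    => array_keys( array_diff_key( $current, $baseline ) ),
        'modified' => $modified,
    );
}

// Files whose disappearance should page someone immediately (constructed list).
$critical = array( 'wp-config.php', '.htaccess', 'index.php' );

if ( PHP_SAPI === 'cli' && count( $argv ) === 4 ) {
    list( , $mode, $root, $store ) = $argv;

    if ( $mode === 'baseline' ) {
        file_put_contents( $store, json_encode( example_fim_snapshot( $root ), JSON_PRETTY_PRINT ) );
        echo "baseline written to $store\n";
        exit( 0 );
    }

    if ( $mode === 'check' ) {
        $baseline = json_decode( (string) file_get_contents( $store ), true );
        if ( ! is_array( $baseline ) ) {
            fwrite( STDERR, "cannot read baseline $store\n" );
            exit( 2 );
        }
        $diff = example_fim_diff( $baseline, example_fim_snapshot( $root ) );
        foreach ( $diff['deleted'] as $path ) {
            $tag = in_array( $path, $critical, true ) ? 'CRITICAL-DELETED' : 'DELETED';
            echo "$tag\t$path\n";
        }
        foreach ( $diff['added'] as $path )    { echo "ADDED\t$path\n"; }
        foreach ( $diff['modified'] as $path ) { echo "MODIFIED\t$path\n"; }
        // Non-zero exit makes the check usable from cron or a CI job.
        exit( array_sum( array_map( 'count', $diff ) ) > 0 ? 1 : 0 );
    }
}
```

Store the baseline outside the web root and regenerate it only after a deliberate update, so that a later run reflects changes the site owner did not make. Run the check from cron at an interval short enough that a deleted configuration file is noticed before the site's behaviour changes in ways an attacker could exploit.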

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-12T20:44:34.975Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68774ab7a83201eaacd43808

Added to database: 7/16/2025, 6:46:15 AM

Last enriched: 7/16/2025, 7:01:33 AM

Last updated: 7/16/2025, 9:38:55 AM
