
CVE-2025-7772: CWE-862 Missing Authorization in malcure Malcure Malware Scanner — #1 Toolset for Malware Removal

Severity: Medium
Tags: Vulnerability, CVE-2025-7772, cve, cve-2025-7772, cwe-862
Published: Fri Jul 18 2025 (07/18/2025, 06:45:32 UTC)
Source: CVE Database V5
Vendor/Project: malcure
Product: Malcure Malware Scanner — #1 Toolset for Malware Removal

Description

The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 16.8 via the wpmr_inspect_file() function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

AI-Powered Analysis

Last updated: 07/18/2025, 07:16:24 UTC

Technical Analysis

CVE-2025-7772 is a vulnerability identified in the Malcure Malware Scanner plugin for WordPress, a widely used toolset for malware removal. The vulnerability is classified as CWE-862, indicating a missing authorization check. Specifically, the issue exists in the wpmr_inspect_file() function, which lacks proper capability verification before allowing file inspection. This flaw enables authenticated attackers with subscriber-level privileges or higher to perform arbitrary file reads on the server hosting the WordPress site. Since subscriber-level access is relatively low privilege, this significantly lowers the barrier for exploitation. The attacker can read sensitive files on the server, potentially exposing credentials, configuration files, or other confidential data. The vulnerability affects all versions up to and including 16.8 of the plugin. The CVSS v3.1 base score is 6.5 (medium severity), reflecting that the attack vector is network-based, requires low privileges, no user interaction, and impacts confidentiality but not integrity or availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability’s presence in a popular WordPress plugin increases the risk surface, given WordPress’s extensive deployment across many European organizations. The missing authorization check is a critical security oversight that can lead to data leakage and potential further compromise if sensitive information is harvested by attackers.

Potential Impact

For European organizations, this vulnerability poses a significant risk to confidentiality of sensitive data hosted on WordPress sites using the Malcure Malware Scanner plugin. Many European businesses, government agencies, and non-profits rely on WordPress for their web presence, and the plugin’s popularity means a broad attack surface. Unauthorized file reads could expose private keys, database credentials, or personal data protected under GDPR, leading to regulatory penalties and reputational damage. Attackers could leverage harvested information to escalate privileges or move laterally within networks. The vulnerability’s exploitation does not affect system integrity or availability directly, but the confidentiality breach alone can have severe consequences, especially for sectors handling sensitive personal or financial information. Additionally, the medium severity score suggests that while the risk is not critical, it is substantial enough to warrant immediate attention to prevent data breaches. The lack of user interaction and the low privilege requirement make it easier for attackers to exploit once they have subscriber access, which can be obtained through phishing or weak credential reuse.

Mitigation Recommendations

European organizations should prioritize the following mitigations:

1) Immediately audit WordPress installations to identify the presence and version of the Malcure Malware Scanner plugin.
2) Restrict subscriber-level access strictly, ensuring that only trusted users have such accounts, and enforce strong authentication policies including multi-factor authentication to reduce account compromise risk.
3) Monitor web server logs for unusual file access patterns that may indicate exploitation attempts targeting the wpmr_inspect_file() function.
4) Until an official patch is released, consider disabling or removing the Malcure plugin if feasible, or apply temporary access controls at the web server or application firewall level to restrict access to the vulnerable functionality.
5) Implement file system permissions and web server configurations that limit the plugin’s ability to read sensitive files outside its intended scope.
6) Regularly update WordPress core and all plugins to the latest versions to benefit from security fixes.
7) Conduct internal security awareness training to reduce the risk of subscriber account compromise.
8) Prepare incident response plans to quickly address any detected exploitation attempts.
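An added example for mitigation 1 (not from the advisory or the plugin's code): it walks a wp-content/plugins directory, reads each plugin's header from the first 8 KiB of its PHP files as WordPress does, and reports Malcure installs at or below 16.8. Assumptions: the plugin's "Plugin Name" header contains the word "Malcure"; the folder names and sample tree are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

LAST_VULNERABLE = (16, 8)  # advisory: all versions up to and including 16.8
NAME_MARKER = "malcure"    # assumption: "Plugin Name" header contains this word
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text):
    """Turn '16.8' or '16.8.1-beta' into a tuple of ints for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def read_plugin_header(php_file):
    """WordPress reads plugin headers from the first 8 KiB of the file."""
    head = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    return {key.lower(): value.strip() for key, value in HEADER_RE.findall(head)}

def is_affected(version):
    """Zero-pad both sides so 16.8.0 equals 16.8 and 16.8.1 sorts above it."""
    width = max(len(version), len(LAST_VULNERABLE))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(LAST_VULNERABLE)

def audit(plugins_dir):
    """Return (folder, version, status); 'above-range' = outside the advisory's range only."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php_file)
        if NAME_MARKER not in header.get("plugin name", "").lower():
            continue
        raw = header.get("version", "")
        version = parse_version(raw)
        # No parsable Version header means the install needs a manual look.
        status = "unknown" if not version else "affected" if is_affected(version) else "above-range"
        findings.append((php_file.parent.name, raw, status))
    return findings

def build_sample_tree(root):
    """Constructed sample data: fake plugin folders holding only a header."""
    for folder, name, ver in (("scanner-old", "Malcure Malware Scanner", "16.8"),
                              ("scanner-new", "Malcure Malware Scanner", "16.8.1"),
                              ("unrelated", "Hello Sample", "1.0")):
        (Path(root) / folder).mkdir(parents=True)
        (Path(root) / folder / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit(tmp))
```

Point audit() at each site's wp-content/plugins directory; because the advisory links no patched release, an "above-range" result says only that the version is outside the stated range.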


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-17T17:27:25.125Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6879f137a83201eaacf06700

Added to database: 7/18/2025, 7:01:11 AM

Last enriched: 7/18/2025, 7:16:24 AM

Last updated: 7/18/2025, 7:16:24 AM
