CVE-2025-7772 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Malcure Malware Scanner plugin for WordPress, a widely used toolset for malware removal. The flaw exists in the wpmr_inspect_file() function, which lacks proper capability checks to verify if the authenticated user has sufficient privileges to access certain files. As a result, any authenticated user with subscriber-level access or higher can exploit this vulnerability to perform arbitrary file reads on the server hosting the WordPress site. This can lead to exposure of sensitive information such as configuration files, credentials, or other private data stored on the server. The vulnerability affects all plugin versions up to 16.8, with no patch currently available. The CVSS v3.1 score is 6.5, reflecting a medium severity level due to the need for authentication but ease of exploitation and high confidentiality impact. The attack vector is network-based, requiring low attack complexity and no user interaction beyond login. While no known exploits have been reported in the wild, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those with multiple user roles and subscribers. The scope of impact is limited to the confidentiality of data, with no direct impact on integrity or availability. The vulnerability highlights the importance of proper authorization checks in plugin functions that handle file operations.

The primary impact of CVE-2025-7772 is unauthorized disclosure of sensitive information stored on the web server. Attackers with subscriber-level access can read arbitrary files, potentially exposing database credentials, API keys, configuration files, or other confidential data. This can lead to further compromise of the WordPress site or the underlying server infrastructure. Organizations relying on the Malcure Malware Scanner plugin risk data breaches that could affect customer privacy, intellectual property, and regulatory compliance. The vulnerability does not allow modification or deletion of data, so integrity and availability remain unaffected. However, the confidentiality breach alone can have severe consequences, including reputational damage and financial losses. Since WordPress powers a significant portion of the web, and Malcure is a popular malware removal tool, the attack surface is broad. The requirement for authenticated access limits exploitation to insiders or compromised accounts, but subscriber-level permissions are common, increasing the likelihood of exploitation. The absence of known exploits in the wild suggests limited current exploitation but also highlights the need for proactive mitigation before attackers develop weaponized exploits.

To mitigate CVE-2025-7772, organizations should first check for and apply any official patches or updates from the Malcure plugin vendor once available. Until a patch is released, administrators should restrict subscriber-level user capabilities to the minimum necessary and audit user accounts to remove or disable unnecessary accounts. Implementing strong authentication mechanisms such as multi-factor authentication (MFA) can reduce the risk of account compromise. Additionally, web application firewalls (WAFs) can be configured to monitor and block suspicious requests targeting the vulnerable function. Site administrators should also review file permissions on the server to limit access to sensitive files and consider isolating WordPress installations in hardened environments. Regular security audits and monitoring for unusual file access patterns can help detect exploitation attempts. Finally, educating users about the risks of phishing and credential theft can reduce the likelihood of attackers gaining authenticated access.