Malcure Malware Shield — Removal, Repair, Monitor Security & Risk Analysis

wordpress.org/plugins/wp-malware-removal

Fast malware removal & security shield. Fix hacks, stop redirects, clean SEO spam. Real-time threat intelligence. No bloat.

10K active installs · v19.8 · PHP 5.6+ · WP 3.7.4+ · Updated Feb 13, 2026
Tags: antivirus, malware-scanner, security, virus, vulnerability-scanner
Score: 96 · A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Sep 3, 2025
Safety Verdict

Is Malcure Malware Shield — Removal, Repair, Monitor Safe to Use in 2026?

Generally Safe

Score 96/100

Malcure Malware Shield — Removal, Repair, Monitor has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEs · Last CVE: Sep 3, 2025 · Updated 1mo ago
Risk Assessment

The wp-malware-removal v19.8 plugin has a mixed security posture. It follows good practice in data handling, with a high percentage of prepared SQL statements and properly escaped output. The significant concern is its large attack surface, in particular the substantial number of AJAX handlers that lack authorization checks (27 of 31 entry points are flagged as unprotected). This leaves the plugin highly susceptible to unauthorized access, and potentially privilege escalation, if an attacker can leverage these entry points.

The static analysis found two calls to the dangerous function 'exec', which could be exploited for remote code execution if supplied with user-controlled input. Both call sites pass their argument through escapeshellarg(), as listed under Dangerous Functions Found. The taint analysis did not reveal critical or high-severity vulnerabilities in this scan, but it did identify flows with unsanitized paths, which suggests potential for logic errors or unexpected behavior that could be exploited. The plugin has three known CVEs, one of them a high-severity missing-authorization vulnerability, which reinforces the concern about its authorization handling. No vulnerabilities are currently unpatched, but the historical pattern points to recurring issues in securing entry points.

In conclusion, the plugin is strong in data handling but has significant weaknesses in access control for its AJAX endpoints. The presence of dangerous functions and the history of authorization vulnerabilities call for careful scrutiny, and potentially further investigation, of how its AJAX handlers are implemented. The plugin is not inherently insecure, but the identified attack vectors present a tangible risk.

Key Concerns

  • Unprotected AJAX handlers
  • Use of dangerous function 'exec'
  • Unsanitized paths in taint flows
  • Past high severity vulnerability (Missing Authorization)
  • Past medium severity vulnerabilities
Vulnerabilities: 3

Malcure Malware Shield — Removal, Repair, Monitor Security Vulnerabilities

CVEs by Year

2025: 3 CVEs

Severity Breakdown

High: 1
Medium: 2

3 total CVEs

CVE-2025-3701 · medium · 4.3 · Missing Authorization

Malcure Malware Scanner <= 16.8 - Missing Authorization

Sep 3, 2025 · Patched in 16.9 (7d)

CVE-2025-6043 · high · 8.1 · Missing Authorization

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 17.0 - Authenticated (Subscriber+) Arbitrary File Deletion

Jul 15, 2025 · Patched in 17.1 (2d)

CVE-2025-7772 · medium · 6.5 · Missing Authorization

Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read

Jun 12, 2025 · Patched in 16.9 (36d)

Code Analysis
Analyzed Mar 16, 2026

Malcure Malware Shield — Removal, Repair, Monitor Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 13 (95 prepared)
Unescaped Output: 15 (389 escaped)
Nonce Checks: 25
Capability Checks: 29
File Operations: 23
External Requests: 12
Bundled Libraries: 0

Dangerous Functions Found

exec · $out = exec( 'file -b --mime-encoding ' . escapeshellarg( $file ), $output, $return ); · inc\pro.php:590
exec · $out = exec( 'file -b --mime-encoding ' . escapeshellarg( $file ), $output, $return ); · traits\wpmr_helpers.php:427

SQL Query Safety

88% prepared · 108 total queries

Output Escaping

96% escaped · 404 total outputs

Data Flows: 10 unsanitized

Data Flow Analysis

16 flows · 10 with unsanitized paths
wpmr_license_action (traits\wpmr_helpers.php:572)

Attack Surface: 27 unprotected

Malcure Malware Shield — Removal, Repair, Monitor Attack Surface

Entry Points: 31
Unprotected: 27

AJAX Handlers 31

nopriv · wp_ajax_wpmr_scanner_ajax_dispatcher · traits\wpmr_stateful_scanner.php:228
auth · wp_ajax_wpmr_scanner_ajax_dispatcher · traits\wpmr_stateful_scanner.php:229
nopriv · wp_ajax_wpmr_stateful_scan_operation · traits\wpmr_stateful_scanner.php:231
auth · wp_ajax_wpmr_stateful_scan_operation · traits\wpmr_stateful_scanner.php:232
nopriv · wp_ajax_wpmr_stateful_scan_file · traits\wpmr_stateful_scanner.php:234
auth · wp_ajax_wpmr_stateful_scan_file · traits\wpmr_stateful_scanner.php:235
nopriv · wp_ajax_wpmr_stateful_scan_db · traits\wpmr_stateful_scanner.php:237
auth · wp_ajax_wpmr_stateful_scan_db · traits\wpmr_stateful_scanner.php:238
auth · wp_ajax_wpmr_stateful_scan_status · traits\wpmr_stateful_scanner.php:240
auth · wp_ajax_wpmr_save_scan_schedule · traits\wpmr_stateful_scanner.php:241
auth · wp_ajax_wpmr_ajax_request · wpmr.php:224
auth · wp_ajax_wpmr_get_stats · wpmr.php:225
auth · wp_ajax_wpmr_init_scan · wpmr.php:226
auth · wp_ajax_wpmr_scan_db · wpmr.php:227
auth · wp_ajax_wpmr_scan_files · wpmr.php:228
auth · wp_ajax_wpmr_clean_file · wpmr.php:229
auth · wp_ajax_wpmr_delete_file · wpmr.php:230
auth · wp_ajax_wpmr_whitelist_file · wpmr.php:231
auth · wp_ajax_wpmr_unwhitelist_file · wpmr.php:232
auth · wp_ajax_wpmr_inspect_file · wpmr.php:233
auth · wp_ajax_wpmr_inspect_db_record · wpmr.php:234
auth · wp_ajax_wpmr_whitelist_db_record · wpmr.php:235
auth · wp_ajax_wpmr_unwhitelist_db_record · wpmr.php:236
auth · wp_ajax_wpmr_clear_infection_stats · wpmr.php:237
auth · wp_ajax_wpmr_update_sigs · wpmr.php:238
auth · wp_ajax_wpmr_reset · wpmr.php:239
auth · wp_ajax_wpmr_web_register · wpmr.php:240
auth · wp_ajax_wpmr_refresh_checksums · wpmr.php:241
auth · wp_ajax_wpmr_def_auto_update_enabled · wpmr.php:242
auth · wp_ajax_wpmr_license_action · wpmr.php:243
auth · wp_ajax_wpmr_fetch_license_status · wpmr.php:244

WordPress Hooks 61

filter · sanitize_title · traits\wpmr_admin_ui.php:24
action · wpmr_scheduled_scan · traits\wpmr_stateful_scanner.php:243
action · wpmr_plugin_activation · traits\wpmr_stateful_scanner.php:247
action · plugins_loaded · traits\wpmr_stateful_scanner.php:250
action · admin_init · traits\wpmr_stateful_scanner.php:251
action · wpmr_run_schema_upgrade · traits\wpmr_stateful_scanner.php:252
action · wpmr_scan_phase_update_checksums · traits\wpmr_stateful_scanner.php:259
action · wpmr_scan_phase_filemalwarescan · traits\wpmr_stateful_scanner.php:260
action · wpmr_scan_phase_dbmalwarescan · traits\wpmr_stateful_scanner.php:261
action · wpmr_scan_phase_vulnerabilityscan · traits\wpmr_stateful_scanner.php:262
filter · cron_schedules · traits\wpmr_stateful_scanner.php:264
filter · cron_schedules · traits\wpmr_stateful_scanner.php:265
action · wpmr_scan_monitor_event · traits\wpmr_stateful_scanner.php:266
filter · wp_mail_content_type · traits\wpmr_stateful_scanner.php:5730
action · wpmr_daily · wpmr.php:179
action · wpmr_hourly · wpmr.php:181
action · upgrader_process_complete · wpmr.php:182
action · init · wpmr.php:187
action · admin_init · wpmr.php:188
action · admin_init · wpmr.php:189
action · network_admin_notices · wpmr.php:192
action · admin_notices · wpmr.php:193
filter · plugin_row_meta · wpmr.php:197
action · network_admin_menu · wpmr.php:200
action · admin_menu · wpmr.php:201
action · admin_enqueue_scripts · wpmr.php:204
action · admin_head · wpmr.php:205
action · admin_footer · wpmr.php:206
action · admin_footer · wpmr.php:208
action · admin_footer · wpmr.php:209
action · add_meta_boxes · wpmr.php:212
action · check_ajax_referer · wpmr.php:213
filter · hidden_meta_boxes · wpmr.php:214
filter · get_user_metadata · wpmr.php:215
filter · admin_body_class · wpmr.php:218
action · plugins_loaded · wpmr.php:249
action · wp_dashboard_setup · wpmr.php:250
filter · postbox_classes_toplevel_page_wpmr_wpmr_updates_box · wpmr.php:251
filter · wpmr_skip_dir · wpmr.php:252
action · wpmr_diagnostics_row · wpmr.php:253
action · automatic_updates_complete · wpmr.php:260
action · upgrader_process_complete · wpmr.php:261
action · activated_plugin · wpmr.php:264
action · deactivated_plugin · wpmr.php:265
action · switch_theme · wpmr.php:266
action · delete_plugin · wpmr.php:269
action · deleted_theme · wpmr.php:270
action · edit_file · wpmr.php:273
filter · wp_handle_upload · wpmr.php:274
action · add_attachment · wpmr.php:275
action · user_register · wpmr.php:278
action · profile_update · wpmr.php:279
action · set_user_role · wpmr.php:280
action · login_form_resetpass · wpmr.php:281
action · delete_user · wpmr.php:282
action · add_user_to_blog · wpmr.php:283
action · wp_login_failed · wpmr.php:286
action · retrieve_password · wpmr.php:287
action · wp_login · wpmr.php:288
action · xmlrpc_publish_post · wpmr.php:291
action · wpmr_scan_init · wpmr.php:294

Scheduled Events 6

wpmr_scan_monitor_event
wpmr_scheduled_scan
wpmr_scheduled_scan
wpmr_run_schema_upgrade
wpmr_daily
wpmr_hourly
Maintenance & Trust

Malcure Malware Shield — Removal, Repair, Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 13, 2026
PHP min version: 5.6
Downloads: 605K

Community Trust

Rating: 88/100
Number of ratings: 69
Active installs: 10K
Developer Profile

Malcure Malware Shield — Removal, Repair, Monitor Developer Profile

Malcure Web Security

1 plugin · 10K total installs

Trust score: 91
Avg Security Score: 96/100
Avg Patch Time: 15 days
Detection Fingerprints

How We Detect Malcure Malware Shield — Removal, Repair, Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-malware-removal/assets/css/admin.css
/wp-content/plugins/wp-malware-removal/assets/css/wpmr-frontend.css
/wp-content/plugins/wp-malware-removal/assets/js/wpmr-admin.js
/wp-content/plugins/wp-malware-removal/assets/js/wpmr-frontend.js

Script Paths
https://malcure.com/wp-content/plugins/wp-malware-removal/assets/js/wpmr-frontend.js

Version Parameters
wp-malware-removal/assets/css/admin.css?ver=
wp-malware-removal/assets/css/wpmr-frontend.css?ver=
wp-malware-removal/assets/js/wpmr-admin.js?ver=
wp-malware-removal/assets/js/wpmr-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpmr-scanning
wpmr-scanning-overlay

HTML Comments
<!-- Malcure Malware Shield — Removal, Repair, Monitor -->
<!-- START WPMR SECURE -->
<!-- END WPMR SECURE -->
<!-- WPMR -->
+5 more

Data Attributes
data-wpmr-scanning
data-wpmr-scan-id
data-wpmr-message

JS Globals
wpmr_vars

REST Endpoints
/wp-json/wpmr/v1/scan
/wp-json/wpmr/v1/clean
/wp-json/wpmr/v1/sync