Description
WordPress Plugin Malware Scanner is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Malware Scanner version 4.7.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.7.3 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:D95F761F-5385-482A-8C69-560E920267AF
https://plugins.svn.wordpress.org/miniorange-malware-protection/trunk/readme.txt
Related Vulnerabilities
Oracle HTTP Server CVE-2007-0280 Vulnerability (CVE-2007-0280)
WordPress Plugin WolfNet IDX for WordPress Multiple Unspecified Vulnerabilities (1.14.7)
PostgreSQL Other Vulnerability (CVE-2002-0802)
MySQL CVE-2021-35627 Vulnerability (CVE-2021-35627)
WordPress Plugin WP htaccess Control Unspecified Vulnerability (2.4)