CVE-2025-8213

Name of the Vulnerable Software and Affected Versions NinjaScanner – Virus & Malware scan plugin for WordPress versions through 3.2.5

Description The NinjaScanner – Virus & Malware scan plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation. This issue affects the nscan ajax quarantine and nscan quarantine select functions. Authenticated attackers possessing Administrator-level access or higher can exploit this to delete arbitrary files on the server, potentially including files located outside the WordPress root directory.

Recommendations Versions prior to 3.2.5 should be updated. As a temporary workaround, restrict access to the nscan ajax quarantine and nscan quarantine select functions until a patch is available.