Possible site takeover through stolen API credentials in combination with SQLi – (WPRemote <= 5.09)

Affected pluginWPRemote
Active installs20,000+
Vulnerable version<= 5.09
Audited version5.09
Fully patched version5.16
Recommended remediationRemoval of the plugin


This vulnerability is identical to this one in MalCare because MalCare and WPRemote share 99% of their codebase.

Proof of concept

Refer to this POC and use “wpremote” in step 4. instead of “malcare”.

Proposed patch

Refer to this proposed patch.


Refer to this timeline.


Leave a Reply

Your email address will not be published. Required fields are marked *