Anti-Malware Security and Brute-Force Firewall plugin for WordPress file-read flaw (CVE-2025-11705)
Vulnerability
Summary
CVE-2025-11705 is a flaw in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress that lets low-privileged subscribers read arbitrary files on sites running version 4.23.81 and earlier, exposing sensitive server and database data. The weakness is a missing capability check in `GOTMLS_ajax_scan()`, which can be triggered through AJAX requests. Exposed content can include wp-config.php, database credentials, password hashes, emails, posts, and authentication secrets. Version 4.23.83 fixes the issue, and Wordfence says it has not detected exploitation in the wild so far.
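To make the bug class concrete, here is an added PHP example that is not the plugin's own code: the action names, option names and helper functions are hypothetical. It shows a WordPress AJAX handler with no capability check beside a hardened version that verifies a nonce and requires a capability that subscribers do not hold.

```php
<?php
// Added illustrative example, not code from the Anti-Malware Security and
// Brute-Force Firewall plugin. Action and function names are hypothetical;
// only the bug class (an AJAX handler without a capability check) mirrors
// what the page describes.

// WordPress runs any 'wp_ajax_{action}' callback for every logged-in user,
// subscribers included. The hook itself enforces no privilege level, so a
// handler that does admin-only work must gate access itself.

// Weak pattern: the handler assumes only administrators would call it.
function example_scan_ajax_weak() {
    $path = isset($_POST['file']) ? (string) $_POST['file'] : '';
    // Privileged work follows with no check of who is asking.
    wp_send_json_success(example_do_scan($path));
}
add_action('wp_ajax_example_scan_weak', 'example_scan_ajax_weak');

// Hardened pattern: verify a nonce bound to this action, then require a
// capability subscribers lack, before touching any file.
function example_scan_ajax_hardened() {
    // Terminates the request if the 'nonce' field is missing or invalid.
    check_ajax_referer('example_scan_nonce', 'nonce');

    // 'manage_options' is held only by administrators on a default
    // single-site install; subscribers fail this check.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Insufficient privileges'), 403);
    }

    $path = isset($_POST['file'])
        ? sanitize_text_field(wp_unslash($_POST['file']))
        : '';
    wp_send_json_success(example_do_scan($path));
}
add_action('wp_ajax_example_scan_hardened', 'example_scan_ajax_hardened');

// Hypothetical scan step. As a second layer, confine reads to the content
// directory so traversal or symlinks cannot resolve outside it, even for
// callers who passed the capability check.
function example_do_scan($path) {
    $base = realpath(WP_CONTENT_DIR);
    $real = realpath($path);
    if ($real === false || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return array('error' => 'path outside allowed directory');
    }
    return array('file' => $real, 'bytes' => filesize($real));
}
```

In a code review, the check to look for is the `current_user_can()` call inside every `wp_ajax_` callback that reads files or settings; registering the action under `wp_ajax_` rather than `wp_ajax_nopriv_` only proves the caller is logged in, not that they are an administrator.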
Related Happenings
EssentialPlugin package hit by network compromise
Incident
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
About this happening:
The **EssentialPlugin** WordPress package was **compromised with a backdoor**, enabling **unauthorized access** to websites running its plugins and putting **hundreds of thousands...
Post SMTP CVE-2025-11833 exploitation wave
Exploitation Wave
First: 04.11.2025 23:46
Last: 04.11.2025 23:46
Sources 1
About this happening:
**CVE-2025-11833** in the **Post SMTP** WordPress plugin is being actively exploited to hijack administrator accounts, putting **more than 400,000 sites** at risk of **full site c...
Timeline
- 29.10.2025 22:44 · 2 articles · 6mo ago
Wordfence reports CVE-2025-11705 file-read flaw in Anti-Malware Security and Brute-Force Firewall plugin
Initial Disclosure: Wordfence reported CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress, describing a missing capability check in GOTMLS_ajax_scan() that could let low-privileged subscribers read arbitrary files on sites running version 4.23.81 and earlier.
Sources:
- WordPress security plugin exposes private data to site subscribers — www.bleepingcomputer.com — 29.10.2025 22:44
- 29.10.2025 22:44 · 1 article · 6mo ago
Eli releases version 4.23.83 to fix CVE-2025-11705
Mitigation Patch Update: The developer released version 4.23.83 of the Anti-Malware Security and Brute-Force Firewall plugin for WordPress on October 15, adding a proper user capability check via GOTMLS_kill_invalid_user() to address CVE-2025-11705.
Sources:
- WordPress security plugin exposes private data to site subscribers — www.bleepingcomputer.com — 29.10.2025 22:44
- 29.10.2025 22:44 · 1 article · 6mo ago
Wordfence finds no signs of CVE-2025-11705 exploitation in the wild
Detection IoC Update: Wordfence said it had not detected signs of exploitation in the wild for CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress and strongly recommended applying version 4.23.83.
Sources:
- WordPress security plugin exposes private data to site subscribers — www.bleepingcomputer.com — 29.10.2025 22:44