Find notable cyber news and cases, enriched with sources, timelines, and signals.

Anti-Malware Security and Brute-Force Firewall plugin for WordPress patch release (CVE-2025-11705)

Security Patch Release
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

On October 15, Eli released version 4.23.83 of the Anti-Malware Security and Brute-Force Firewall plugin for WordPress, closing CVE-2025-11705 in sites running earlier builds. The update adds a proper user capability check through GOTMLS_kill_invalid_user(), fixing the file-read path in GOTMLS_ajax_scan(). Sites on 4.23.81 and earlier needed the patch to stop a low-privileged user from reaching sensitive server files.

Related Happenings

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Gravity SMTP security patch release for CVE-2026-4020

Security Patch Release
H score16 First: 20.06.2026 12:56 Last: 20.06.2026 12:56 Sources 1

About this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...

F5 security patch release for CVE-2026-42530

Security Patch Release
H score39 First: 18.06.2026 20:32 Last: 18.06.2026 20:32 Sources 1

About this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...

JCE Pro 2.9.99.6 patch for CVE-2026-48907

Security Patch Release
H score46 First: 17.06.2026 13:09 Last: 17.06.2026 13:09 Sources 1

About this happening: **JCE security team** released **JCE Pro 2.9.99.6** in **early June 2026** to fix **CVE-2026-48907** in the **Widget Factory Joomla Content Editor (JCE) plugin**. The update addre...

LiteLLM endpoint-hardening patch release (CVE-2026-42271)

Security Patch Release
H score59 First: 09.06.2026 09:26 Last: 09.06.2026 09:26 Sources 1

About this happening: BerriAI released **LiteLLM 1.83.7**, hardening access to the vulnerable **MCP test endpoints** that accepted full server configurations. The update now requires the **PROXY_ADMIN*...

Timeline

  1. 29.10.2025 22:44 1 articles · 8mo ago

    Wordfence reports CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress

    Initial Disclosure

    Wordfence reported CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress to Eli through the WordPress.org Security Team on October 14, and shared a validated proof-of-concept exploit for the missing capability check in GOTMLS_ajax_scan(), which could let a low-privileged subscriber read arbitrary files on the server, including wp-config.php.

    Show sources
  2. 29.10.2025 22:44 2 articles · 8mo ago

    Eli releases version 4.23.83 to fix CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress

    Mitigation Patch Update

    Eli released version 4.23.83 of the Anti-Malware Security and Brute-Force Firewall plugin for WordPress on October 15, adding GOTMLS_kill_invalid_user() to enforce a proper user capability check and fix CVE-2025-11705 in versions 4.23.81 and earlier.

    Show sources