Anti-Malware Security and Brute-Force Firewall plugin vulnerability exposes private data
Summary
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows authenticated subscribers to read arbitrary files on the server, potentially exposing private information. The flaw, tracked as CVE-2025-11705, affects versions 4.23.81 and earlier. The vulnerability stems from missing capability checks in the GOTMLS_ajax_scan() function, which processes AJAX requests using a nonce that attackers can obtain. This oversight allows low-privileged users to read sensitive data, including the wp-config.php configuration file, which stores database credentials. With access to the database, an attacker can extract password hashes, users’ emails, posts, and other private data. The vulnerability was reported to Wordfence by researcher Dmitrii Ignatyev and was patched by the vendor in version 4.23.83, released on October 15, 2025. Wordfence recommends applying the patch to mitigate the risk of exploitation.
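The root cause described above is a WordPress AJAX handler gated by a nonce alone. A WordPress nonce is a CSRF token tied to an action and the current user session; it proves the request originated from a page that rendered the nonce, not that the user is authorized to perform the action. The following is an added illustration of that bug class beside its hardened form, written for this page and not taken from the plugin: the action names (`example_scan`, `example_scan_secure`), the nonce action `example_scan_nonce`, the `file` parameter and the scan directory are all hypothetical.

```php
<?php
// Added illustration (hypothetical names); not the plugin's own code.

// --- Vulnerable pattern: the nonce is the only gate. ---
// check_ajax_referer() blocks cross-site forgery, but any logged-in user who can
// obtain the nonce (for example a subscriber) passes it, so the handler runs
// with no check of what that user is allowed to do.
add_action( 'wp_ajax_example_scan', 'example_scan_vulnerable' );
function example_scan_vulnerable() {
    check_ajax_referer( 'example_scan_nonce', 'nonce' ); // CSRF protection only, not authorization
    $file = (string) ( $_POST['file'] ?? '' );
    echo file_get_contents( $file );                      // no capability check, no path restriction
    wp_die();
}

// --- Hardened pattern: nonce + capability check + constrained path. ---
add_action( 'wp_ajax_example_scan_secure', 'example_scan_secure' );
function example_scan_secure() {
    // 1. CSRF check: nonce must match this action for the current user.
    check_ajax_referer( 'example_scan_nonce', 'nonce' );

    // 2. Authorization: only administrators may run a scan that reads files.
    //    wp_send_json_error() terminates the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Confine reads to one fixed directory (hypothetical location) and reject
    //    any name that does not resolve to a file inside it.
    $base      = realpath( WP_CONTENT_DIR . '/example-scan' );
    $name      = basename( sanitize_text_field( (string) ( $_POST['file'] ?? '' ) ) );
    $requested = ( false !== $base ) ? realpath( $base . '/' . $name ) : false;
    if ( false === $base || false === $requested
        || 0 !== strpos( $requested, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( array( 'message' => 'Invalid file.' ), 400 );
    }

    wp_send_json_success( array( 'contents' => file_get_contents( $requested ) ) );
}
```

The capability check is the fix that maps directly to the missing check the summary names; the path confinement is defence in depth so that even an authorized caller cannot point the handler at files such as wp-config.php outside the intended directory. When reviewing any plugin's `wp_ajax_*` handlers, treat a nonce check without a `current_user_can()` call as a finding.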
Timeline
- 29.10.2025 22:44 (1 article): CVE-2025-11705 vulnerability in Anti-Malware Security and Brute-Force Firewall plugin disclosed
  Source: WordPress security plugin exposes private data to site subscribers — www.bleepingcomputer.com — 29.10.2025 22:44
Information Snippets
All snippets first reported 29.10.2025 22:44 (1 source, 1 article: WordPress security plugin exposes private data to site subscribers — www.bleepingcomputer.com).
- The Anti-Malware Security and Brute-Force Firewall plugin for WordPress has a vulnerability that allows authenticated subscribers to read arbitrary files on the server.
- The vulnerability, tracked as CVE-2025-11705, affects versions 4.23.81 and earlier.
- The flaw stems from missing capability checks in the GOTMLS_ajax_scan() function, which processes AJAX requests using a nonce that attackers can obtain.
- The vulnerability allows low-privileged users to read sensitive data, including the wp-config.php configuration file, which stores database credentials.
- With access to the database, an attacker can extract password hashes, users’ emails, posts, and other private data.
- The vulnerability was reported to Wordfence by researcher Dmitrii Ignatyev and was patched by the vendor in version 4.23.83, released on October 15, 2025.
- Wordfence recommends applying the patch to mitigate the risk of exploitation.
Similar Happenings
Post SMTP Plugin Vulnerability Exploited to Hijack WordPress Admin Accounts
A critical vulnerability in the Post SMTP WordPress plugin, tracked as CVE-2025-11833, is being actively exploited to hijack administrator accounts. The flaw allows unauthenticated attackers to read arbitrary logged emails, including password reset messages, leading to account takeover and full site compromise. The vulnerability affects Post SMTP versions 3.6.0 and older; the plugin, a popular email delivery solution for WordPress, has over 400,000 downloads. The issue was reported on October 11 and patched on October 29. However, as of November 4, at least 210,000 sites remain vulnerable. Exploitation attempts began on November 1, with over 4,500 blocked attempts since then.