CVE-2025-11705 – Anti-Malware Security and Brute-Force Firewall

CVE ID : CVE-2025-11705

Published : Oct. 29, 2025, 4:27 a.m. | 55 minutes ago

Description : The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…