CVE-2025-11705

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Brute-Force Firewall for WordPress versions prior to 4.23.83

Description The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This is due to a missing capability check combined with information exposure in several GOTMLS * AJAX actions. Authenticated attackers with Subscriber-level access or higher can read arbitrary files on the server, potentially exposing sensitive information such as database credentials and security keys. Over 100,000 sites are estimated to be affected. The issue stems from a lack of proper authorization in the GOTMLS ajax scan() function, which handles AJAX requests. This allows a user with limited privileges to read sensitive files, including the wp-config.php file. The vulnerability was addressed in version 4.23.83 with the addition of proper user permission checks using the GOTMLS kill invalid user() function.

Recommendations Update to version 4.23.83 or later.