WORDPRESS VULNERABILITY CVE-2025-11705 Firewall Plugin
SUMMARY: A critical vulnerability in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress, tracked as CVE-2025-11705, allows authenticated users with subscriber-level access to read arbitrary files on the server, potentially exposing sensitive data such as database credentials and cryptographic keys. The flaw stems from missing capability checks in the GOTMLS_ajax_scan() function; it affects versions 4.23.81 and earlier and was patched on October 15, 2025, in version 2.23.83. Despite the patch, approximately 50,000 sites were still running a vulnerable version as of early November 2025.
The vulnerability enables low-privileged users to access critical server files like wp-config.php, which contains database names and credentials. The issue was reported to Wordfence by researcher Dmitrii Ignatyev and has a severity score of 6.8/10 (medium). The plugin is installed on over 100,000 sites, making the exposure widespread. Although no exploitation in the wild has been confirmed as of early November 2025, experts warn that such vulnerabilities are often targeted after public disclosure. Website administrators are strongly urged to update the plugin immediately to prevent potential data breaches.
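As an added illustration of the bug class described above (this is not the plugin's code, and the handler, action and directory names are hypothetical), the following shows a WordPress AJAX handler that any logged-in user can reach without a capability check, beside a hardened form that verifies a nonce, requires an administrative capability and confines the path it will read:

```php
<?php
// Illustrative example, not code from the Anti-Malware Security and Brute-Force
// Firewall plugin. Handler names, the nonce action and the scan directory are
// hypothetical. Requires WordPress core functions (check_ajax_referer,
// current_user_can, wp_send_json_*); run inside a WordPress plugin.

// Weak pattern: the wp_ajax_ hook fires for every logged-in user, including
// subscribers, and the handler neither checks a capability nor constrains the
// path. Any low-privileged account can make the server read a file of its choice.
function example_scan_file_weak() {
    $path = $_POST['path'];
    wp_send_json_success( file_get_contents( $path ) );
}
add_action( 'wp_ajax_example_scan_weak', 'example_scan_file_weak' );

// Hardened pattern for the same feature.
function example_scan_file_hardened() {
    // 1. CSRF token bound to this action; dies with 403 on failure.
    check_ajax_referer( 'example_scan_nonce', 'nonce' );

    // 2. Capability check: subscribers fail manage_options and get a 403.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Confine reads to one directory the plugin owns (hypothetical path).
    //    basename() drops any directory component; realpath() resolves symlinks
    //    so the prefix comparison below cannot be bypassed through a link.
    $base = realpath( WP_CONTENT_DIR . '/example-scans' );
    $name = basename( wp_unslash( $_POST['path'] ?? '' ) );
    $path = realpath( $base . '/' . $name );
    if ( false === $base || false === $path
         || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        wp_send_json_error( 'invalid path', 400 );
    }

    wp_send_json_success( file_get_contents( $path ) );
}
add_action( 'wp_ajax_example_scan', 'example_scan_file_hardened' );
```

The capability check in step 2 is the control whose absence the advisory describes; the nonce and path confinement in steps 1 and 3 are defence in depth so that an authorised administrator's browser cannot be tricked into issuing the request and the handler can never read outside its own directory.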
From Tech Radar: This popular WordPress security plugin has a worrying flaw which exposed user data