A security vulnerability has been fixed in a WordPress plugin
A flaw was discovered in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress (CVE-2025-11705) that allows users with minimal privileges to read arbitrary files on the server. This vulnerability affects versions 4.23.81 and earlier. A malicious user could exploit this condition, which combines Arbitrary File Read and Spoofing with a Missing Authorization check, on a target system.
Administrators are advised to update Anti-Malware Security and Brute-Force Firewall to version 4.23.83 as soon as possible.
Source: wordfence.com
04 November 2025