Friday, 10 July 2026

A security vulnerability has been fixed in a WordPress plugin

A flaw was discovered in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress (CVE-2025-11705) that allows users with minimal privileges to read arbitrary files on the server. This vulnerability affects versions 4.23.81 and earlier. A malicious user could exploit this condition, which combines Arbitrary File Read and Spoofing with a Missing Authorization check, on a target system.

Administrators are advised to update Anti-Malware Security and Brute-Force Firewall to version 4.23.83 as soon as possible.

Source: wordfence.com

04 November 2025

-
40