[CIVN-2025-0339] Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin

Published On: November 27, 2025

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Arbitrary File Read Vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress Plugin
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: Medium
Software Affected
• WordPress Plugin Anti-Malware Security and Brute-Force Firewall - versions 4.23.81 and earlier
Overview
A vulnerability has been reported in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress that could allow an authenticated attacker with subscriber-level or higher access privileges to disclose sensitive information from arbitrary files on the targeted system.
Target Audience:
Users of affected WordPress Plugins.
Risk Assessment:
Medium risk of remote sensitive information disclosure. 
Impact Assessment:
Potential for unauthorized access, privilege escalation, and full compromise. 
Description
Anti-Malware Security and Brute-Force Firewall is a WordPress plugin designed to help protect against malicious software infections and prevent brute-force attacks. 
The vulnerability exists in the Anti-Malware Security and Brute-Force Firewall plugin for WordPress due to missing capability checks and improper information handling in multiple GOTMLS_* AJAX actions.
Successful exploitation of this vulnerability could allow an authenticated attacker to disclose sensitive information from arbitrary files on the targeted system.
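An access-log check for requests that name the GOTMLS_* AJAX actions described above, added here as an example and not taken from CERT-In, Wordfence or the plugin. It assumes Combined Log Format logs and the standard WordPress `/wp-admin/admin-ajax.php` endpoint; the sample lines and the action name `GOTMLS_placeholder` are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')
AJAX_PATH = "/wp-admin/admin-ajax.php"  # standard WordPress AJAX endpoint
ACTION_PREFIX = "gotmls_"               # the advisory names GOTMLS_* AJAX actions

def gotmls_ajax_hits(lines):
    """Return requests whose URL query names an action starting with GOTMLS_."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, method, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(AJAX_PATH):
            continue
        # parse_qs percent-decodes, so GOTMLS%5Fx is matched as well.
        for action in parse_qs(url.query).get("action", []):
            if action.lower().startswith(ACTION_PREFIX):  # deliberately broad match
                hits.append({"ip": ip, "time": when, "method": method,
                             "action": action, "status": int(status),
                             "bytes": int(size) if size.isdigit() else None})
    return hits

def hits_per_client(hits):
    """Count matching requests per client address for triage."""
    return Counter(h["ip"] for h in hits)

# Constructed sample log lines (documentation addresses, made-up action name).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Nov/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=GOTMLS_placeholder&x=1 HTTP/1.1" 200 5321',
    '203.0.113.7 - - [27/Nov/2025:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=GOTMLS%5Fplaceholder HTTP/1.1" 200 88',
    '198.51.100.4 - - [27/Nov/2025:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60',
    # Action sent in the POST body: invisible to an access log, so not matched.
    '198.51.100.9 - - [27/Nov/2025:10:03:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 412',
]

if __name__ == "__main__":
    for hit in gotmls_ajax_hits(SAMPLE_LOG):
        print(hit)
    print(hits_per_client(gotmls_ajax_hits(SAMPLE_LOG)))
```

Access logs record neither POST bodies nor the caller's WordPress role, so an empty result does not rule out use of these actions; treat hits as leads to correlate with authenticated session data.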
Solution
Apply the necessary patches and updates as provided by ISC: 
https://www.wordfence.com/blog/2025/10/100000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-anti-malware-security-and-brute-force-firewall-wordpress-plugin/
Vendor Information 
Anti-Malware Security and Brute-Force Firewall
https://www.wordfence.com/blog/2025/10/100000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-anti-malware-security-and-brute-force-firewall-wordpress-plugin/
References
WordFence
https://www.wordfence.com/blog/2025/10/100000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-anti-malware-security-and-brute-force-firewall-wordpress-plugin/
CVE Name
CVE-2025-11705
- --
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
