CVE-2025-11705

CVSS 6.5 Medium
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Published: 1761714936
  • Last modified: 1761714936

CVE-2025-11705 — The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and… [Severity (CVSS) 6.5]

Related CVE by CWE

No closely related CVE found.

Risk snapshot

EPSS: n/a   |   KEV: not listed

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

🧠 Explainer: What this vulnerability means

Summary: This vulnerability affects the product by the vendor (CWE: unspecified).

Impact: Potential impact includes remote code execution, data theft, or denial of service.

Mitigation: Prioritize patching and consider temporary workarounds documented by the vendor.

No vendor/product data yet.

No explicit mitigation/advisory links found in references.