cleantalk
Vulnerabilities and Security Researches

Anti-Malware Security and Brute-Force Firewall, CVE-2025-11705

CVE, Research URL

CVE-2025-11705

Home page URL

Security reports for Anti-Malware Security and Brute-Force Firewall

Application

Anti-Malware Security and Brute-Force Firewall

Published on
Oct 29, 2025
Research Description
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
max 4.23.83.
Status
vulnerable
Previous vulnerability researches
Anti-Malware Security and Brute-Force Firewall (CVE-2022-2599) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2021-25101) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-4327) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2022-0953) , Jun 06, 2024
Anti-Malware Security and Brute-Force Firewall (CVE-2024-22144) , Jun 06, 2024
New vulnerability
Advanced Editor Tools , May 01, 2026
Really Simple SSL , May 01, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2026-39465) , May 01, 2026
PDF Invoices & Packing Slips for WooCommerce (CVE-2026-39472) , May 01, 2026
Anti-Malware Security and Brute-Force Firewall (CVE-2026-39478) , May 01, 2026