Ethical Hacking News
A WordPress security plugin installed on more than 100,000 websites has been found to expose private data to low-privileged users. The Anti-Malware Security and Brute-Force Firewall plugin, which administrators install for protection against malware, brute-force attacks and database injection attempts, contains an arbitrary file read flaw that lets any subscriber-level account read files on the server, including the database credentials in wp-config.php and, through the database, password hashes.
A fixed version was released after Wordfence reported the vulnerability, and updating to it closes the hole. The case is a reminder that patches need to be applied promptly, and that a plugin installed for security is itself part of the attack surface.
In brief: CVE-2025-11705 in the Anti-Malware Security and Brute-Force Firewall plugin lets low-privileged authenticated users read arbitrary files on the server. Versions 4.23.81 and earlier are affected, and the plugin is active on more than 100,000 sites. Sites with membership or subscription features are the most exposed, because an attacker only needs to register an account. Version 4.23.83 fixes the issue by adding a proper user capability check. According to WordPress.org statistics, roughly 50,000 administrators have downloaded the fixed version since its release, which suggests that many sites are still running a vulnerable version.
A previously unknown flaw in a widely used security plugin has put private data on thousands of WordPress sites within reach of ordinary registered users. The Anti-Malware Security and Brute-Force Firewall plugin, installed on over 100,000 sites, allows subscribers to read any file the web server process can read, potentially exposing sensitive information.
The vulnerability, identified as CVE-2025-11705, was reported to Wordfence by researcher Dmitrii Ignatyev and affects plugin versions 4.23.81 and earlier. A missing capability check in the GOTMLS_ajax_scan() function allows any low-privileged user who can invoke it to read arbitrary files on the server, including the wp-config.php configuration file, which stores the database name and credentials.
With database access, an attacker can extract password hashes, users' email addresses, posts and other private data. The vulnerability is not rated critical because exploitation requires an authenticated account; however, many websites let visitors register themselves, and a freshly registered subscriber account is all the access the attack needs.
Any site that offers membership or subscription features, and therefore lets users create their own accounts, meets that requirement and is especially exposed to attacks on CVE-2025-11705. Wordfence reported the issue to the vendor, Eli, along with a validated proof-of-concept exploit, through the WordPress.org Security Team on October 14.
Following the report, the developer released version 4.23.83 of the plugin, which addresses CVE-2025-11705 by adding a proper user capability check via a new 'GOTMLS_kill_invalid_user()' function. According to WordPress.org statistics, roughly 50,000 administrators have downloaded the fixed version since its release; against an install base of over 100,000, that leaves about as many sites still running a vulnerable version (download counts only approximate the real update rate).
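The two shapes described above, the handler that reads a caller-supplied path without checking who is asking, and the fix that adds a capability check, as an added example in PHP. This is illustrative code written for this page, not the plugin's own code and not the actual GOTMLS_ajax_scan() or GOTMLS_kill_invalid_user() implementation; the function names, the request parameter names and the minimal stand-ins for WordPress functions are assumptions so that the file runs offline under plain php. The hardened version goes beyond the capability check alone and also shows the nonce check and path containment a reviewer would expect in such a handler.

```php
<?php
// Added example, not code from the plugin: a minimal admin-ajax style file-read handler in the
// vulnerable shape the article describes, next to a hardened version. All names are hypothetical.

// Stand-ins for the WordPress functions used below, so the file runs under plain `php`
// (assumption: real WordPress supplies these; here a global selects the simulated role).
$GLOBALS['example_role'] = 'subscriber';
function current_user_can(string $cap): bool {
    // Only an administrator holds manage_options; a subscriber holds just 'read'.
    return $cap === 'read' || $GLOBALS['example_role'] === 'administrator';
}
function wp_verify_nonce(string $nonce, string $action): bool {
    return hash_equals('valid-nonce-' . $action, $nonce);
}
function wp_die(string $message, int $status = 403): void {
    throw new RuntimeException("HTTP $status: $message");
}

// Vulnerable shape: wp_ajax_* hooks only guarantee the caller is logged in. The handler then
// trusts a caller-supplied file name and joins it onto the scan directory with no capability
// check and no containment, so '../wp-config.php' walks straight out of the directory.
function example_ajax_scan_vulnerable(array $request, string $scan_root): string {
    $file = $request['scan_file'] ?? '';
    return (string) @file_get_contents($scan_root . '/' . $file);
}

// Hardened shape, in the order a fix should apply them:
//  1. capability check (the kind of fix the article describes; manage_options is administrator-only),
//  2. nonce check against CSRF,
//  3. path containment, so even an administrator's request cannot leave the scan root.
function example_ajax_scan_hardened(array $request, string $scan_root): string {
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient privileges', 403);
    }
    if (!wp_verify_nonce((string) ($request['_ajax_nonce'] ?? ''), 'example_scan')) {
        wp_die('Invalid nonce', 403);
    }
    $base   = realpath($scan_root);
    $target = realpath($scan_root . '/' . ($request['scan_file'] ?? ''));
    if ($base === false || $target === false
        || strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        wp_die('Path outside scan root', 400);
    }
    return (string) file_get_contents($target);
}

// Constructed fixture: a throwaway directory standing in for a WordPress install.
$site = sys_get_temp_dir() . '/example_site_' . getmypid();
mkdir($site . '/uploads', 0700, true);
file_put_contents($site . '/wp-config.php', "define('DB_PASSWORD', 'not-a-real-secret');\n");
file_put_contents($site . '/uploads/report.txt', "scan report\n");

$traversal = ['scan_file' => '../wp-config.php', '_ajax_nonce' => 'valid-nonce-example_scan'];
$benign    = ['scan_file' => 'report.txt',       '_ajax_nonce' => 'valid-nonce-example_scan'];

// The vulnerable handler hands the subscriber the configuration file.
echo "vulnerable, as subscriber: ", example_ajax_scan_vulnerable($traversal, $site . '/uploads');

// The hardened handler: subscriber rejected on capability, admin traversal rejected on
// containment, admin request for a file inside the scan root served.
foreach ([['subscriber', $traversal], ['administrator', $traversal], ['administrator', $benign]] as [$role, $req]) {
    $GLOBALS['example_role'] = $role;
    try {
        echo "hardened, as $role ({$req['scan_file']}): ", example_ajax_scan_hardened($req, $site . '/uploads');
    } catch (RuntimeException $e) {
        echo "hardened, as $role ({$req['scan_file']}): rejected, ", $e->getMessage(), "\n";
    }
}

// Clean up the fixture.
foreach ([$site . '/uploads/report.txt', $site . '/wp-config.php'] as $f) { unlink($f); }
rmdir($site . '/uploads');
rmdir($site);
```

Run it with `php example.php`. The design point is the ordering: the capability check must come before any work on the request, because being logged in is not an authorization decision, and path containment is kept as a second line of defence so that a future bug in the capability logic does not turn the scanner back into a file-read primitive.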
Wordfence has so far not detected signs of exploitation in the wild; however, applying the patch is strongly recommended, since the public disclosure may draw attackers' attention. The incident highlights the importance of keeping every plugin up to date, security plugins included, and of choosing plugins from vendors who respond quickly to vulnerability reports.
In conclusion, this incident serves as a stark reminder of the ever-evolving nature of cybersecurity threats and the need for vigilance among website administrators. As WordPress users continue to face new challenges in maintaining their online presence, it is imperative that they remain proactive in addressing potential vulnerabilities and taking preventative measures to protect their websites from falling prey to such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/WordPress-Security-Plugin-Vulnerability-Exposes-Private-Data-to-Site-Subscribers-ehn.shtml
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
https://nvd.nist.gov/vuln/detail/CVE-2025-11705
https://www.cvedetails.com/cve/CVE-2025-11705/
https://wordpress.org/plugins/wordfence/
Published: Wed Oct 29 16:18:35 2025 by llama3.2 3B Q4_K_M