{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11705", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-13T19:18:31.121Z", "datePublished": "2025-10-29T04:27:11.600Z", "dateUpdated": "2026-04-08T17:29:16.971Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:16.971Z"}, "affected": [{"vendor": "scheeeli", "product": "Anti-Malware Security and Brute-Force Firewall", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.23.81", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c8838c-d29a-4df8-85b3-6e440ba7f962?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3379118/gotmls"}, {"url": "https://research.cleantalk.org/cve-2025-11705/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-10-28T15:41:58.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-29T13:42:58.903044Z", "id": "CVE-2025-11705", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T13:43:07.462Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11705", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-29T13:42:58.903044Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-29T13:43:03.125Z"}}], "cna": {"title": "Anti-Malware Security and Brute-Force Firewall <= 4.23.81 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "scheeeli", "product": "Anti-Malware Security and Brute-Force Firewall", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.23.81"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-28T15:41:58.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c8838c-d29a-4df8-85b3-6e440ba7f962?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3379118/gotmls"}, {"url": "https://research.cleantalk.org/cve-2025-11705/"}], "descriptions": [{"lang": "en", "value": "The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:16.971Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11705", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:16.971Z", "dateReserved": "2025-10-13T19:18:31.121Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-29T04:27:11.600Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 4.23.81 due to a missing capability check combined with an information exposure in several GOTMLS_* AJAX actions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "id": "CVE-2025-11705", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-29T05:15:36.817", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3379118/gotmls"}, {"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2025-11705/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e2c8838c-d29a-4df8-85b3-6e440ba7f962?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:02:00.077234+00:00", "value": {"mitigation_remediation": ["Update to the latest release of the Anti\u2011Malware Security and Brute\u2011Force Firewall plugin (4.23.82 or later).", "If an immediate update is infeasible, disable the plugin or block access to the vulnerable GOTMLS_* AJAX actions.", "Review and restrict file system permissions and user roles so that Subscriber users cannot read sensitive files."], "summary": {"action": "Upgrade", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "All versions of the scheeeli Anti\u2011Malware Security and Brute\u2011Force Firewall plugin up to and including 4.23.81 are affected. Users who have installed any of these releases on WordPress sites are vulnerable.", "description_and_impact": "The Anti\u2011Malware Security and Brute\u2011Force Firewall plugin for WordPress contains a missing capability check that allows authenticated users, even at the Subscriber level, to read the contents of arbitrary files on the server. This flaw enables an attacker to view sensitive data such as configuration files, credentials, or other confidential information stored on the host. The weakness is a classic example of an access control failure (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 6.5 places this vulnerability in the moderate severity range. With an EPSS score of less than 1% and no presence in the CISA KEV catalog, the likelihood of exploitation is low, yet it remains exploitable for any authenticated Subscriber or higher user. The attack can be carried out by accessing vulnerable GOTMLS_* AJAX endpoints, which expose file contents without authorization checks. Successful exploitation results in information disclosure rather than code execution or denial of service."}}}}, "created": "2025-10-29T10:57:36.058189+00:00", "updated": "2026-04-21T02:15:06.515655+00:00", "vendors": ["anti-malware_security_and_brute-force_firewall_project", "anti-malware_security_and_brute-force_firewall_project$PRODUCT$anti-malware_security_and_brute-force_firewall", "wordpress", "wordpress$PRODUCT$wordpress"]}