WordPress Security Plugin Has a Worrying Flaw That Exposed User Data

How to Secure Your WordPress Site from Plugin Vulnerabilities

A popular WordPress plugin, Anti-Malware Security and Brute-Force Firewall, has been found to contain a serious vulnerability tracked as CVE-2025-11705. This flaw allowed low-privileged, authenticated users (such as subscribers) to read arbitrary files on the web server, including critical configuration files like wp-config.php.

According to security researchers at Wordfence, the plugin, installed on over 100,000 WordPress sites, was missing proper capability checks in one of its functions. This gap enabled authenticated but unauthorized users to access sensitive server files, exposing private data such as user emails, password hashes, and database credentials.

Plugin Details and Impact

Versions up to and including 4.23.81 are affected. The root cause is a missing authorization check in the plugin’s AJAX endpoint, specifically the GOTMLS_ajax_scan() function. Exploiting this vulnerability could allow attackers with even minimal access to retrieve sensitive information from configuration files, including credentials and security keys.

Patch Released

A patch was issued on October 15, 2025, with version 4.23.83, which adds proper capability verification. However, despite the fix, roughly 50,000 websites are still running vulnerable versions. The bug carries a CVSS score of 6.8 (medium) because attackers must be authenticated; however, it remains a serious risk for sites that require user registration or memberships.

Why It Matters

Even with a medium severity rating, the consequences are significant. Reading wp-config.php can grant attackers access to a site’s database and potentially lead to a full site compromise. Websites offering user accounts are at the greatest risk because attackers can easily register and exploit the flaw.

What Site Owners Should Do

  1. Update immediately to version 4.23.83 or newer.
  2. Audit user accounts and remove suspicious subscriber roles.
  3. Rotate credentials and keys in wp-config.php if you suspect exposure.
  4. Restrict access to any custom AJAX endpoints on your site.
  5. Monitor logs for unusual requests involving “GOTMLS_scan”.

Expert Commentary

Security experts warn that this incident underscores the importance of enforcing strict capability checks on all AJAX functions. Many WordPress vulnerabilities arise from developers neglecting these checks, leaving sites vulnerable to abuse, even from low-privileged users.
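To make the capability-check point concrete, here is an added example (not code from the plugin or from Wordfence) of a hypothetical WordPress AJAX handler, first in the weak form that gates only on "is logged in", then hardened with a nonce, a capability check and a constrained path. The action names, `my_plugin_run_scan()` and the uploads-only path restriction are assumptions for illustration.

```php
<?php
// Added example, not the plugin's own code. Hook names, the 'my_plugin_scan'
// actions and my_plugin_run_scan() are assumed for illustration.

// --- Weak pattern: every logged-in user can reach this through admin-ajax.php ---
add_action( 'wp_ajax_my_plugin_scan_weak', 'my_plugin_scan_weak' );
function my_plugin_scan_weak() {
    // wp_ajax_* fires for any authenticated user, including subscribers.
    // With no nonce and no capability check, "has an account" is the only gate.
    $result = my_plugin_run_scan( sanitize_text_field( wp_unslash( $_POST['path'] ?? '' ) ) );
    wp_send_json_success( $result );
}

// --- Hardened pattern ---
add_action( 'wp_ajax_my_plugin_scan', 'my_plugin_scan' );
function my_plugin_scan() {
    // 1. CSRF: the request must carry a nonce created for this user and action,
    //    e.g. wp_create_nonce( 'my_plugin_scan_nonce' ) on the admin page.
    check_ajax_referer( 'my_plugin_scan_nonce', 'nonce' );

    // 2. Authorization: only users who can manage the site may trigger the scan.
    //    wp_send_json_error() ends the request via wp_die(), so no return is needed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // 3. Input: resolve the requested path and refuse anything outside the
    //    allowed base directory, so "../wp-config.php" style values are rejected.
    $requested = sanitize_text_field( wp_unslash( $_POST['path'] ?? '' ) );
    $base      = wp_normalize_path( WP_CONTENT_DIR . '/uploads' );
    $resolved  = realpath( $base . '/' . ltrim( $requested, '/' ) );
    if ( false === $resolved || 0 !== strpos( wp_normalize_path( $resolved ) . '/', $base . '/' ) ) {
        wp_send_json_error( array( 'message' => 'Path not allowed' ), 400 );
    }

    wp_send_json_success( my_plugin_run_scan( $resolved ) );
}

// Stand-in for the plugin's real scan routine (assumed).
function my_plugin_run_scan( $path ) {
    return array( 'scanned' => $path );
}
```

The capability check is what the advisory describes as missing; the nonce and path restriction are the additional controls a reviewer would expect on any privileged AJAX endpoint.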

One researcher noted:

“The ability to read configuration files like wp-config.php exposes sensitive credentials and secret keys, which can easily lead to complete site takeover.”

The Bottom Line

If you use the Anti-Malware Security and Brute-Force Firewall plugin, you should assume vulnerability unless you’ve already upgraded to version 4.23.83 or later. Attackers could quietly steal configuration data and credentials. Updating your plugin and strengthening access controls can prevent further exploitation.

Disclaimer

Some content in this article was adapted from videos and verified online sources for clarity and completeness. Always consult the original vendor advisory for full technical details.
