On October 3rd, 2025, we received a submission for an Arbitrary File Read vulnerability in Anti-Malware Security and Brute-Force Firewall, a WordPress plugin with more than 100,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-level permissions or higher, to read arbitrary files on the server, which may contain sensitive information.
Props to Dmitrii Ignatyev who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program. This researcher earned a bounty of $960.00 for this discovery. Our mission is to secure WordPress through defense in depth, which is why we are investing in quality
Click here to continue reading this article.