The Anti-Malware Security and Brute-Force Firewall plugin for WordPress has a serious vulnerability that lets subscribers access any file on the server, risking exposure of sensitive information. Versions 4.23.81 and earlier are affected, but a patch was released shortly after the issue was reported. Users are advised to update their plugin to avoid potential attacks.