Vulnerability CVE-2022-4746
Published: 2023-01-23

Description:
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

Type:

CWE-290

 (Authentication Bypass by Spoofing)

 References:
https://wpscan.com/vulnerability/62e3babc-00c6-4a35-972f-8f03ba70ba32
Copyright 2024, cxsecurity.com

 

Back to Top