When the plugin is configured with a custom header in its Trusted IP Origins setting (e.g X-Forwarded-For), attackers could bypass the protection offered by tampering the header sent in requests.
Fixed in version 2.17.4✓
2020-12-14 (about 4 months ago)
2020-12-21 (about 4 months ago)
2020-12-22 (about 4 months ago)