WordPress Plugin Vulnerabilities
Login Block IPs <= 1.0.0 - IP Spoofing Bypass
Description
The function check_is_login_page() takes the client IP address for its IP check from HTTP request headers, which can be easily spoofed.
Proof of Concept
Set HTTP_CLIENT_IP to bypass blocks or to use allowed IP addresses.
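The header-trust flaw described above, next to a hardened resolver, as an added example that is not the plugin's code. The function names, the trusted-proxy list and the documentation-range addresses are assumptions made for illustration.

```php
<?php
// Added illustration; not the Login Block IPs plugin's code.

// Vulnerable pattern: client-supplied headers are consulted before the
// socket address, so the caller chooses the IP that gets checked.
function client_ip_from_headers(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR', 'REMOTE_ADDR'] as $key) {
        if (!empty($server[$key])) {
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return '';
}

// Hardened pattern: REMOTE_ADDR (the TCP peer) is authoritative. A forwarding
// header is honoured only when that peer is a reverse proxy we operate, and
// the chain is walked right to left until the first untrusted hop.
// Assumption: $trusted_proxies holds exact address strings.
function client_ip_hardened(array $server, array $trusted_proxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    if (!in_array($peer, $trusted_proxies, true)) {
        return $peer; // direct connection: ignore every header
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop reading the chain, use the proxy address
        }
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed request: the TCP peer is on the block list, the header claims another address.
$blocked = ['203.0.113.50'];
$request = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_CLIENT_IP' => '198.51.100.7'];

foreach (['client_ip_from_headers' => client_ip_from_headers($request),
          'client_ip_hardened'     => client_ip_hardened($request, [])] as $name => $ip) {
    printf("%-24s %-15s %s\n", $name, $ip, in_array($ip, $blocked, true) ? 'blocked' : 'allowed');
}
```

With an empty trusted-proxy list the hardened resolver never reads a request header, which is the correct setting for a site that is not behind a reverse proxy.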
Affects Plugins
References
CVE
Miscellaneous
Original Researcher
Daniel Ruf
Submitter
Daniel Ruf
Submitter website
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-10-28
Added
2022-10-28
Last Updated
2022-10-28