WBCE CMS is an open source content management system (CMS) based on PHP and MySQL.WBCE CMS is vulnerable to an access control error that originates in the increase_attempts function of the wbce/framework/class.login.php file in its Header Handler component for X -Forwarded-For parameter does not properly limit too many authentication attempts. An attacker could exploit the vulnerability to authenticate unrestrictedly.