2 matches found
CVE-2022-4097 All In One WP Security & Firewall < 5.0.8 - IP Spoofing
The All-In-One Security AIOS WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features like IP blocks, rate limiting, brute force protection, and more...
CVE-2022-4097
The CVE-2022-4097 entry concerns the All-In-One Security (AIOS) WordPress plugin prior to 5.0.8. The root cause is IP spoofing via headers (e.g., HTTP_X_REAL_IP/HTTP_X_FORWARDED_FOR) in get_user_ip_address(), allowing attackers to bypass security controls such as IP blocks, rate limiting, and bru...