4 matches found
CVE-2022-4746
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...
CVE-2022-4746 FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...
CVE-2022-4746 FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTEADDR, which makes it possible to bypass the IP-based blocks set by the plugin...
CVE-2022-4746
The CVE-2022-4746 entry affects the FluentAuth WordPress plugin, specifically versions prior to 1.0.2. The root cause is that the plugin prioritizes the visitor’s IP address from certain HTTP headers (e.g., HTTP_X_REAL_IP, HTTP_X_FORWARDED_FOR, HTTP_CF_CONNECTING_IP, HTTP_CLIENT_IP) over PHP’s RE...