CVE-2022-4303
CVE-2022-4303 affects the WordPress plugin WP Limit Login Attempts (versions up to 2.6.4). The root cause is that it prioritizes a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, allowing bypass of IP-based login restrictions. This can enable an attacker to circumvent login form pr...