EPSS: 0.001 (Low)
Percentile: 34.0%
The plugin does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.
curl -i -H 'CF-CONNECTING-IP: 0.0.0.0' https://example.com
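The following is an added example, not the plugin's own code: a Python comparison of the header-trusting pattern the description implies with a resolver that honours CF-Connecting-IP only when the TCP peer is a trusted proxy. The proxy range, the blocked address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed values (RFC 5737 documentation ranges), not real CDN ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED = {ipaddress.ip_address("198.51.100.7")}
HEADER = "cf-connecting-ip"


def _header(headers, name):
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name:
            return value.strip()
    return None


def naive_client_ip(peer_ip, headers):
    """Flawed pattern (assumed): the header wins no matter who sent it."""
    return _header(headers, HEADER) or peer_ip


def client_ip(peer_ip, headers):
    """Use the header only when the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return str(peer)  # direct connection: ignore client-supplied header
    claimed = _header(headers, HEADER)
    try:
        return str(ipaddress.ip_address(claimed)) if claimed else str(peer)
    except ValueError:
        return str(peer)  # malformed header: fall back to the socket address


def is_blocked(ip):
    """Check a resolved address against the block list."""
    try:
        return ipaddress.ip_address(ip) in BLOCKED
    except ValueError:
        return False


if __name__ == "__main__":
    spoofed = {"CF-CONNECTING-IP": "0.0.0.0"}  # header from the curl line above
    for resolve in (naive_client_ip, client_ip):
        ip = resolve("198.51.100.7", spoofed)
        print(resolve.__name__, ip, "blocked" if is_blocked(ip) else "allowed")
```

The trusted proxy list has to be kept in sync with the ranges the CDN actually publishes, and the origin should ideally accept connections only from those ranges.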