0.001 Low
EPSS
Percentile
40.8%
If the option “I’m behind a proxy” is enabled, the visitor IP is read from X-Forwarded-For header, stored & printed in the admin panel without any sanitization / validation.
Set the X-Forwarded-For header to , and perform an incorrect login.
wordpress.org/plugins/wp-cerber/changelog/