When the plugin is configured with a custom header in its Trusted IP Origins setting (e.g X-Forwarded-For), attackers could bypass the protection offered by tampering the header sent in requests.
CPE | Name | Operator | Version |
---|---|---|---|
limit-login-attempts-reloaded | lt | 2.17.4 |