Description The plugin is vulnerable to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting.