CVE-2022-4746 – FluentAuth < 1.0.2 - Bypass blocks by IP Spoofing

https://notcve.org/view.php?id=CVE-2022-4746

27 Dec 2022 — The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin. El complemento FluentAuth para WordPress anterior a 1.0.2 prioriza obtener la dirección IP de un visitante de ciertos encabezados HTTP sobre REMOTE_ADDR de PHP, lo que hace posible evitar los bloqueos basados en IP establecidos por el complemento. The FluentAuth plugin for WordPress is vulnerable to ... • https://wpscan.com/vulnerability/62e3babc-00c6-4a35-972f-8f03ba70ba32 • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •