WordPress · WP Cerber Security · CVE-2022-4100
**Name of the Vulnerable Software and Affected Versions**
WP Cerber Security plugin for WordPress, versions up to and including 9.4
**Description**
The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass because the plugin improperly checks for a visitor's IP address. This makes it possible for an attacker whose IP address has been blocked to bypass this control by setting the `X-Forwarded-For` HTTP header to an IP address that hasn't been blocked.
**Recommendations**
For versions up to and including 9.4, update to a version that properly checks for a visitor's IP address to prevent IP Protection bypass.
As a temporary workaround, consider restricting access to the `X-Forwarded-For` HTTP header to minimize the risk of exploitation.
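
The following is an added example, not code from WP Cerber or from this advisory. It contrasts a header-trusting lookup with one that honours `X-Forwarded-For` only when the connection comes from a reverse proxy you operate. The function names, the `TRUSTED_PROXIES` list and all addresses are assumptions made for illustration.

```php
<?php
// Added example, not WP Cerber code. Function names are hypothetical and
// all addresses are constructed sample values.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6']; // reverse proxies you operate

// Canonical text form of an IP address, or null when the input is not one.
function canonical_ip(string $ip): ?string
{
    $packed = @inet_pton(trim($ip));
    return $packed === false ? null : inet_ntop($packed);
}

// Address to use for block-list decisions. X-Forwarded-For is honoured only
// when the TCP peer is a trusted proxy, and is read right to left so that
// entries supplied by the client itself are never reached.
function resolve_client_ip(array $server, array $trusted = TRUSTED_PROXIES): ?string
{
    $trusted = array_filter(array_map('canonical_ip', $trusted));
    $peer = canonical_ip($server['REMOTE_ADDR'] ?? '');
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($peer === null || $xff === '' || !in_array($peer, $trusted, true)) {
        return $peer; // direct connection: the header is client-controlled
    }
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        $hop = canonical_ip($hop);
        if ($hop === null) {
            return $peer; // malformed chain: fall back to the peer address
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop; // first address not vouched for by our own proxies
        }
    }
    return $peer; // chain held only trusted proxies
}

// Constructed requests from a blocked client (203.0.113.7) that sets its own header.
$blocked = ['203.0.113.7'];
$requests = [
    'direct'  => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9'],
    'proxied' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.9, 203.0.113.7'],
];
foreach ($requests as $label => $req) {
    // Flawed pattern for comparison (illustrative, not the plugin's code): header trusted as-is.
    $naive = trim(explode(',', $req['HTTP_X_FORWARDED_FOR'])[0]);
    $safe = resolve_client_ip($req);
    printf("%-8s header-trusting: %s (%s) | resolved: %s (%s)\n", $label,
        $naive, in_array($naive, $blocked, true) ? 'blocked' : 'allowed',
        $safe, in_array($safe, $blocked, true) ? 'blocked' : 'allowed');
}
```

The `proxied` case assumes the proxy appends the connecting address to the header it forwards; a proxy that overwrites the header with the peer address resolves the same way.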