PT-2023-15337 · WordPress · Fluentauth

Daniel Ruf

·

Published

2023-01-23

·

Updated

2023-01-31

·

CVE-2022-4746

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FluentAuth WordPress plugin versions prior to 1.0.2
Description

The plugin lets an attacker bypass the IP-based blocks it sets. The plugin derives the visitor's address from HTTP request headers before falling back to PHP's $_SERVER['REMOTE_ADDR']. Such headers (X-Forwarded-For and similar) are written by whoever sends the request, so a blocked client can present an arbitrary address in them and be treated as a different visitor. REMOTE_ADDR, by contrast, is the address of the TCP connection and cannot be forged without controlling the network path.

Recommendations

For versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, stop trusting visitor-controlled headers: have the web server or reverse proxy strip or overwrite forwarded-IP headers so that only addresses set by your own infrastructure reach the plugin.
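The following is an added illustration of the bug class behind this advisory, written for this page; it is not FluentAuth's code and not the vendor's fix. The function names, the header list, the trusted-proxy address and the request arrays are all assumptions constructed for the demo. The vulnerable function takes the visitor address from request headers first; the hardened one trusts REMOTE_ADDR and reads a forwarded chain only when the connection comes from a proxy we operate, walking it from the right.

```php
<?php
// Added illustration of the CVE-2022-4746 bug class (visitor IP taken from
// request headers before REMOTE_ADDR). Not FluentAuth's code; every name,
// header list and address below is an assumption for the demo.

// Vulnerable pattern: any of these headers wins over the socket address, and
// all of them are written by whoever sends the request.
function get_visitor_ip_vulnerable(array $server): string
{
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_REAL_IP', 'HTTP_X_FORWARDED_FOR'] as $key) {
        if (!empty($server[$key])) {
            // X-Forwarded-For may hold a comma-separated chain; the leftmost hop
            // is whatever the sender wrote, i.e. the attacker's value.
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: REMOTE_ADDR is the only address the TCP connection vouches
// for. Forwarded headers are consulted only when REMOTE_ADDR is a proxy we run,
// and the chain is read from the right, where our proxies appended the address
// that actually connected to them.
function get_visitor_ip_hardened(array $server, array $trusted_proxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote; // direct connection, or an untrusted host posing as a proxy
    }
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (in_array($hop, $trusted_proxies, true)) {
            continue; // skip our own proxies, keep walking towards the client
        }
        // First untrusted hop from the right is the client. A malformed value
        // falls back to the socket address instead of becoming a fresh identity.
        return filter_var($hop, FILTER_VALIDATE_IP) !== false ? $hop : $remote;
    }
    return $remote; // whole chain was our proxies; use the socket address
}

function is_blocked(string $ip, array $blocked): bool
{
    return in_array($ip, $blocked, true);
}

// Constructed scenario: 203.0.113.10 is on the block list. First it connects
// directly and adds a forwarded header naming an unrelated address; then it
// arrives through the real proxy, which appended its address to the chain.
$blocked         = ['203.0.113.10'];
$trusted_proxies = ['10.0.0.1']; // assumed address of our own reverse proxy

$requests = [
    'direct+spoofed' => [
        'REMOTE_ADDR'          => '203.0.113.10',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.7',
    ],
    'via proxy' => [
        'REMOTE_ADDR'          => '10.0.0.1',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.10',
    ],
];

foreach ($requests as $label => $req) {
    $v = get_visitor_ip_vulnerable($req);
    $h = get_visitor_ip_hardened($req, $trusted_proxies);
    printf(
        "%-15s vulnerable sees %-14s blocked=%-3s | hardened sees %-14s blocked=%s\n",
        $label,
        $v, is_blocked($v, $blocked) ? 'yes' : 'no',
        $h, is_blocked($h, $blocked) ? 'yes' : 'no'
    );
}
```

In both constructed requests the vulnerable function returns the attacker-chosen 198.51.100.7 and the block is bypassed, while the hardened one returns 203.0.113.10 and the block holds. The page's workaround is the edge-side equivalent of this check: the reverse proxy should overwrite forwarded-IP headers with the connecting address (for nginx, `proxy_set_header X-Forwarded-For $remote_addr;`) rather than append to a value the client supplied, so the application never sees a header it did not set itself.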

Weakness Enumeration

Authentication Bypass by Spoofing (CWE-290)

Related Identifiers

CVE-2022-4746

Affected Products

FluentAuth (WordPress plugin)