CVE-2022-4529

Name of the Vulnerable Software and Affected Versions Security, Antivirus, Firewall – S.A.F plugin for WordPress versions up to, and including, 2.3.5

Description The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.

Recommendations For Security, Antivirus, Firewall – S.A.F plugin for WordPress versions up to, and including, 2.3.5, consider updating to a version that addresses the IP Address Spoofing issue. As a temporary workaround, consider restricting the use of the X-Forwarded-For header to minimize the risk of exploitation.