CVE-2022-4532

Name of the Vulnerable Software and Affected Versions LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress versions up to, and including, 2.1

Description The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.

Recommendations For versions up to, and including, 2.1, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation. As a temporary workaround, review and adjust the IP address logging and login restriction settings to account for potential spoofing.