CVE-2022-4534

Name of the Vulnerable Software and Affected Versions Limit Login Attempts (Spam Protection) plugin for WordPress versions up to, and including, 5.3

Description The issue arises from insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

Recommendations For Limit Login Attempts (Spam Protection) plugin for WordPress versions up to, and including, 5.3, update to a version later than 5.3 to resolve the issue. As a temporary workaround, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation.