CVE-2022-4536

Name of the Vulnerable Software and Affected Versions The IP Vault – WP Firewall plugin for WordPress versions up to, and including, 1.1

Description The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

Recommendations For versions up to, and including, 1.1, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation. As a temporary workaround, review and update the request logging and login restrictions settings to account for potential IP address spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.