CVE-2022-4539

Name of the Vulnerable Software and Affected Versions Web Application Firewall plugin for WordPress versions up to, and including, 2.1.2

Description The issue arises from insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can exploit this by supplying the X-Forwarded-For header with a different IP Address, which will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.

Recommendations For versions up to, and including, 2.1.2, consider updating to a version that addresses this issue, as the current version allows attackers to manipulate the IP address logged by the system, potentially bypassing security restrictions. As a temporary workaround, consider restricting access to the X-Forwarded-For header to minimize the risk of exploitation.