CVE-2024-6171

Name of the Vulnerable Software and Affected Versions: The Unlimited Elements For Elementor plugin for WordPress versions up to, and including, 1.5.112

Description: The issue is related to IP Address Spoofing due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This allows unauthenticated attackers to bypass antispam functionality in the Form Builder widgets.

Recommendations: For versions up to, and including, 1.5.112, update to a version that fixes the IP address validation issue to prevent IP Address Spoofing. As a temporary workaround, consider restricting access to the Form Builder widgets until a patch is available.