The FluentAuth WordPress plugin prior to 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wpmanageninja fluentauth |