Security Advisory

CVE-2022-4746

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-01-23 14:31:33

Last updated 2025-04-02 15:49:16

Assigner WPScan

State PUBLISHED

Description

The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitors IP address from certain HTTP headers over PHPs REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.

← Browse all CVEs View on cve.org ↗