2023-08-30 14:22:04
WPScan
PUBLISHED
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitors IP from certain HTTP headers over PHPs REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.