[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$faFnPrSQUfm5cIAjWv8vfugKTfreGOGeIO0mpmN9QjE8":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":9,"severity":11,"cvss_score":12,"cvss_vector":13,"vuln_type":14,"published_date":15,"updated_date":16,"references":17,"days_to_patch":9},"CVE-2022-4303","wp-limit-login-attempts-ip-spoofing-to-protection-mechanism-bypass","WP Limit Login Attempts \u003C= 2.6.4 - IP Spoofing to Protection Mechanism Bypass","The WP Limit Login Attempts plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.6.4. This is due to the plugin prioritizing obtaining a visitor's IP address from a spoofable HTTP header over PHP's REMOTE_ADDR. Attackers can supply a header with with a different IP Address that can be used to bypass settings that may have blocked out an IP address.","wp-limit-login-attempts",null,"\u003C=2.6.4","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Use of Less Trusted Source","2022-12-27 00:00:00","2024-01-22 19:56:02",[18],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fef60c109-30e2-48e9-8599-6f226e74b6bc?source=api-prod"]