CVE: CVE-2022-1601

Name: User Access Manager (user-access-manager)

Version: 2.2.16

Date: 2022-04-10 17:56:32

Advisory: https://wpscan.com/vulnerability/f6d3408c-2ceb-4a89-822b-13f5272a5fce

Type: IP Spoofing

Exploit: 


Set HTTP_X_REAL_IP which is used in checkUserGroupAccess() to use an IP from the allowlist.