CVE: CVE-2022-2913

Name: Login No Captcha reCAPTCHA (Google) (login-recaptcha)

Version: 1.6.11

Date: 2022-04-04 18:34:44

Advisory: https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1

Type: IP Spoofing

Exploit: 


Set HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR or any other header in LoginNoCaptcha::get_ip_address() which is then checked against the whitelist and Google reCaptcha.