CVE: CVE-2022-4097

Name: All In One WP Security & Firewall (all-in-one-wp-security-and-firewall)

Version: 4.4.11

Date: 2022-04-16 17:04:22

Advisory: https://wpscan.com/vulnerability/15819d33-7497-4f7d-bbb8-b3ab147806c4

Type: IP Spoofing

Exploit: 


Set HTTP_X_REAL_IP or HTTP_X_FORWARDED_FOR used in get_user_ip_address() to bypass IP-based blocks.