EPSS Percentile: 64.8%
verbb/knock-knock is vulnerable to an IP whitelisting bypass. The plugin uses a flawed mechanism to determine the user's IP address, which allows the IP whitelist to be bypassed by manipulating the X-Forwarded-For header.
github.com/verbb/knock-knock/blob/craft-3/CHANGELOG.md
github.com/verbb/knock-knock/commit/25be8a21b28dcdfc8e2fe5bb3d94fd7e997f1eea
github.com/verbb/knock-knock/releases
limpidsecurity.pl/security-advisories/1/knock-knock-plugin-for-craft-cms/
twitter.com/phaldrzynski?lang=en
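
The flaw class described above, as an added example that is not taken from the plugin's source or its fix commit: a resolver that believes X-Forwarded-For unconditionally, beside one that honours the header only when the connection comes from a known reverse proxy. The function names, the trusted-proxy list and all addresses are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Flawed pattern (illustrative, not the plugin's code): believes whatever the client sent.
function naiveClientIp(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return trim(explode(',', $server['HTTP_X_FORWARDED_FOR'])[0]);
    }
    return $server['REMOTE_ADDR'];
}

// Hardened: the header counts only when the TCP peer is a known proxy, and the
// chain is read right to left, because client-supplied entries sit on the left.
function resolveClientIp(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'];
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: forwarding headers are ignored
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // empty or malformed entry: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop; // first address not appended by our own proxies
        }
    }
    return $peer;
}

// Constructed sample data (documentation address ranges, not from the advisory).
$allowList      = ['198.51.100.7'];
$trustedProxies = ['192.0.2.10'];

$requests = [
    'direct, forged header'    => ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via proxy, forged prefix' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 203.0.113.50'],
    'via proxy, genuine'       => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
];

foreach ($requests as $label => $server) {
    $naive    = in_array(naiveClientIp($server), $allowList, true);
    $hardened = in_array(resolveClientIp($server, $trustedProxies), $allowList, true);
    printf("%-26s naive=%s hardened=%s\n", $label, $naive ? 'allow' : 'deny', $hardened ? 'allow' : 'deny');
}
```

The hardened resolver is only sound if the listed proxies append the connecting address to X-Forwarded-For and the application cannot be reached without passing through them.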