Description The plugin prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.
Set HTTP_X_REAL_IP which is used in checkUserGroupAccess() to use an IP from the allowlist.