Description The Restricted Site Access plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 6.3.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for user IP Addresses. This makes it possible for attackers to gain access to areas of the site that may have been restricted.