The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitors IP from certain HTTP headers over PHPs REMOTE_ADDR, which makes it possible for attackers to access restricted content in certain situations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
User_access_manager | Alexanderschneider | * | 2.2.18 (excluding) |