Description
The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions).
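The spoofing condition above arises when an X-Forwarded-For value is believed without checking which peer supplied it. The following Go example is added here for illustration and is not code from caddy-geo-ip or Caddy: it contrasts that pattern with a resolver that honours the header only when the socket peer is a known proxy. The function names, the `10.0.0.0/8` proxy range and the sample addresses are constructed, and `remoteAddr` is assumed to be the peer IP without a port.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// naiveClientIP is the risky pattern: believe the leftmost header entry from any sender.
func naiveClientIP(remoteAddr, xff string) string {
	if xff == "" {
		return remoteAddr
	}
	return strings.TrimSpace(strings.Split(xff, ",")[0])
}

// isTrusted reports whether ip falls inside one of the trusted proxy CIDRs.
func isTrusted(ip netip.Addr, cidrs []string) bool {
	for _, c := range cidrs {
		if p, err := netip.ParsePrefix(c); err == nil && p.Contains(ip.Unmap()) {
			return true
		}
	}
	return false
}

// clientIP reads the header only behind a trusted peer and returns the rightmost untrusted hop.
func clientIP(remoteAddr, xff string, cidrs []string) string {
	peer, err := netip.ParseAddr(remoteAddr)
	if err != nil || xff == "" || !isTrusted(peer, cidrs) {
		return remoteAddr // direct client or no header: use the socket peer
	}
	hops := strings.Split(xff, ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, err := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if err != nil {
			return remoteAddr // malformed hop: fall back to the socket peer
		}
		if !isTrusted(ip, cidrs) {
			return ip.Unmap().String()
		}
	}
	return remoteAddr // every hop was a trusted proxy
}

func main() { // constructed sample addresses
	fmt.Println(naiveClientIP("198.51.100.9", "10.1.2.3")) // 10.1.2.3 (header value accepted)
	fmt.Println(clientIP("10.0.0.5", "10.1.2.3, 198.51.100.9", []string{"10.0.0.0/8"})) // 198.51.100.9
}
```

Entries to the left of the first untrusted hop are client-controlled, so any geolocation or IP range decision should use the value returned by the second function.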
Remediation
References