Description
A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.
Remediation
References
Related Vulnerabilities
WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)
WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)
WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)