CVE-2020-13485: Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header

Severity: Critical

CVSS Score: 9.1

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.