The function check_is_login_page() uses headers for the IP check, which can be easily spoofed.

Credits
Daniel Ruf

References
https://wpscan.com/vulnerability/6f3d40fa-458b-44f0-9407-763e80b29668
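
The header-based IP check described in this advisory, next to a connection-based form, as an added PHP example that is not the plugin's own code. The function names, the choice of headers, the allowlist comparison and all addresses are assumptions constructed for illustration.

```php
<?php
// Added illustration; not the plugin's code. Function names, the header
// choice and the proxy list are assumptions made for this example.

// Pattern the advisory describes: the address is taken from request headers,
// so whoever sends the request also chooses the value being checked.
function ip_from_headers(array $server): string {
    foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $key) {
        if (!empty($server[$key])) {
            return trim(explode(',', $server[$key])[0]);
        }
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened form: REMOTE_ADDR (the TCP peer) is authoritative. X-Forwarded-For
// is read only when the peer is a proxy we operate, scanning right to left and
// stopping at the first hop that is not one of our proxies.
function ip_from_connection(array $server, array $trusted_proxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted_proxies, true)) {
        return $peer;
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the chain
        }
        if (!in_array($hop, $trusted_proxies, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed sample request: a direct connection from 203.0.113.50 whose
// forwarding header names an allowlisted address.
$request   = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '192.0.2.10'];
$allowlist = ['192.0.2.10'];   // constructed allowlist entry
$proxies   = ['198.51.100.7']; // constructed reverse-proxy address

// First check passes on the header value alone; second uses the TCP peer.
var_dump(in_array(ip_from_headers($request), $allowlist, true));
var_dump(in_array(ip_from_connection($request, $proxies), $allowlist, true));
```

The proxy list has to contain only addresses the site operator controls; a site with no reverse proxy passes an empty list, so forwarding headers are never read.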