The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value. This may be used to bypass IP-based blocking.
https://wpscan.com/vulnerability/04c1581e-fd36-49d4-8463-b49915d4b1ac/
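
An added example, not the Site Reviews plugin's code, of the pattern described above: taking the client IP from a request header versus honoring `X-Forwarded-For` only when the connection itself comes from a known reverse proxy. The function names, the `TRUSTED_PROXIES` list and the sample requests are assumptions made for the illustration.

```php
<?php
// Assumed deployment setting: socket addresses of your own reverse proxies.
const TRUSTED_PROXIES = ['10.0.0.5'];

// Weak pattern: the header is sent by the client, so the value is client-chosen.
function client_ip_untrusted(array $server): string
{
    return $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: REMOTE_ADDR (the TCP peer) is authoritative; the header
// is consulted only when that peer is one of our own proxies.
function client_ip_trusted(array $server, array $trusted = TRUSTED_PROXIES): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return '';
    }
    $chain = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($chain === '' || !in_array($remote, $trusted, true)) {
        return $remote;
    }
    // Walk the chain right to left: entries appended by our proxies sit at
    // the end, entries supplied by the client sit at the start.
    foreach (array_reverse(array_map('trim', explode(',', $chain))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed chain: fall back to the socket peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;    // first hop that is not one of our proxies
        }
    }
    return $remote;
}

// Constructed requests (documentation address ranges).
$requests = [
    // Direct connection carrying a client-supplied header.
    'direct'  => ['REMOTE_ADDR' => '203.0.113.9',
                  'HTTP_X_FORWARDED_FOR' => '198.51.100.77'],
    // Same client behind the trusted proxy, which appended the real peer.
    'proxied' => ['REMOTE_ADDR' => '10.0.0.5',
                  'HTTP_X_FORWARDED_FOR' => '198.51.100.77, 203.0.113.9'],
];

foreach ($requests as $label => $server) {
    printf("%-8s untrusted=%s trusted=%s\n", $label,
        client_ip_untrusted($server), client_ip_trusted($server));
}
```

An IP-based block list should be evaluated against the value from the hardened function, since the other one returns whatever the request header contained.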