Security vulnerabilities in Jetpack (2)
DOS through IP spoofing – (Jetpack <= 11.3.1)
Jetpack is susceptible to IP spoofing during login rate limiting which an attacker can abuse to prevent legitimate users and/or a site’s reverse proxy from making requests to the wp-login.php endpoint.
WAF bypass through IP spoofing – (Jetpack <= 11.3.1)
Jetpack contains are currently NOT exploitable security faux that allows an attacker to bypass all WAF rules.