Subject: SQL Injection Vulnerability

Vulnerability: An SQL injection vulnerability was identified in the plugin's login attempt query, specifically involving the variable .

Vulnerable Code: The function populates the variable using the superglobal, particularly the and headers.

Risk: If an attacker includes a malicious SQL injection payload in an X-Forwarded-For header, they could overwrite the query and compromise the database.

Mitigation: The plugin's author addressed the vulnerability in a new version.

Disclosure Discussion: Debate about responsible disclosure practices, with one user advocating for immediate public disclosure and another suggesting private disclosure to the plugin review team.

Outcome: The issue was closed following the resolution and discussion.
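
An added example, not the plugin's code, of the two defences that apply to the flaw described above: accept the forwarded address only if it parses as an IP, and bind it as a query parameter instead of concatenating it. The function names, the `login_attempts` table and the sample requests are constructed for illustration, and it assumes PHP with the header read from a `$_SERVER`-style array.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: choose the client address to record for a login attempt.
// X-Forwarded-For is client-controlled text, so it is accepted only if it
// parses as an IP address; otherwise the code falls back to REMOTE_ADDR.
function client_ip(array $server): string
{
    $forwarded = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    // The header may carry a comma-separated chain; take the first entry.
    $candidate = trim(explode(',', $forwarded)[0]);
    if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
        return $candidate;
    }
    $remote = $server['REMOTE_ADDR'] ?? '';
    return filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';
}

// Hypothetical login-attempt counter. The address is passed as a bound
// parameter, so it is always treated as data and never as SQL text.
function count_attempts(PDO $db, string $ip): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM login_attempts WHERE ip = :ip');
    $stmt->execute([':ip' => $ip]);
    return (int) $stmt->fetchColumn();
}

// Constructed demo data: in-memory SQLite table with two recorded attempts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_attempts (ip TEXT NOT NULL)');
$db->exec("INSERT INTO login_attempts (ip) VALUES ('203.0.113.7'), ('198.51.100.9')");

// Constructed requests: one well-formed header, one carrying SQL syntax.
$requests = [
    ['HTTP_X_FORWARDED_FOR' => '203.0.113.7, 10.0.0.1', 'REMOTE_ADDR' => '192.0.2.10'],
    ['HTTP_X_FORWARDED_FOR' => "203.0.113.7' OR '1'='1", 'REMOTE_ADDR' => '192.0.2.10'],
];
foreach ($requests as $server) {
    $ip = client_ip($server);
    printf("%s -> %d attempt(s)\n", $ip, count_attempts($db, $ip));
}
```

A syntactically valid X-Forwarded-For value is still supplied by the client, so honor it only when the request arrives from a proxy you operate.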