jra89/CVE-2019-19633

lib/G/functions.php in Chevereto 1.0.0 through 1.1.4 Free, and through 3.13.5 Core, allows an attacker to perform bruteforce attacks without triggering the implemented protection mechanism by manipulating the X-Forwarded-For header in the request.