Description
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.19)
WordPress Plugin Data Tables Generator by Supsystic Multiple Vulnerabilities (1.9.96)
Envoy Proxy Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-18836)
WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)