Description

A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.

Remediation

References

CVE-2020-35539

Related Vulnerabilities

Liferay DXP Incorrect Default Permissions Vulnerability (CVE-2022-42128)

Oracle Database Server CVE-2008-0340 Vulnerability (CVE-2008-0340)

WordPress Plugin Task Manager Pro Multiple Vulnerabilities (1.3.1)

WordPress Plugin Akismet Cross-Site Scripting (3.1.4)

MySQL CVE-2019-2800 Vulnerability (CVE-2019-2800)

Severity

Critical

Classification

CVE-2020-35539 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities