Description

A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.

Remediation

References

CVE-2020-35539

Related Vulnerabilities

WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3225)

WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)

WordPress Plugin YITH WooCommerce Frequently Bought Together Security Bypass (1.2.10)

MySQL CVE-2024-21209 Vulnerability (CVE-2024-21209)

Severity

Critical

Classification

CVE-2020-35539 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities