A flaw was found in WordPress 5.1. "X-Forwarded-For" is an HTTP header used to carry the client's original IP address. However, because this header can be added to requests by the client itself, systems or devices that use the IP address declared in the X-Forwarded-For header instead of the original IP address may face various issues. If application developers trust and process data originating from this field, any authorization checks or logging based on the originating IP address could be manipulated.
CVSS
No CVSS.
References
No reference.
Configurations
No configuration.
History
19 Oct 2022, 14:54
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://seclists.org/fulldisclosure/2021/Mar/24 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:wordpress:wordpress:5.1:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
17 Oct 2022, 17:56
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-17 16:15
Updated : 2024-02-04 22:51
NVD link : CVE-2020-35539
Mitre link : CVE-2020-35539
CVE.ORG link : CVE-2020-35539
Products Affected
No product.
CWE
No CWE.