CVE-2020-35539

Vulnerability Summary

WordPress trusts the client-supplied X-Forwarded-For header when determining the IP address of the requesting client. Because that header is set by whoever sends the request, a remote attacker can choose the IP address that WordPress records or acts on, manipulating any data or decision that depends on the client address (for example stored request metadata or IP-based allow/deny checks). The issue is data manipulation through a spoofed client address, not injection of arbitrary additional response headers.

Most Upvoted Vulmon Research Post

I. VULNERABILITY
-------------------------
Data Manipulation with X-Forwarded-For header at WordPress

II. CVE REFERENCE
-------------------------
CVE-2020-35539

III. VENDOR
-------------------------
https://wordpress.org

IV. TIMELINE
-------------------------
20/12/2020 Vulnerability discovered
21/12/2020 Vendor contacted
09/03/2021 CVE Assigned

V. CREDIT
-------------------------
Alphan Yavas

VI. DESCRIPTION
-------------------------
"X-Forwarded-For" is an HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X
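The following Python is an added illustration of the pattern the summary and the advisory describe; it is not code from WordPress, from Vulmon, or from the advisory author. It puts the vulnerable pattern (believe whatever X-Forwarded-For says) next to a proxy-aware resolver that only honours the header when the TCP peer is one of the site's own reverse proxies, walking the header from the right so that a value the attacker prepended is never chosen. The trusted proxy range, the header values and the peer addresses are constructed for the example.

```python
"""
Added example, not part of the original page or of the WordPress code base.

A client can send any X-Forwarded-For value it likes. An application that
takes that value as "the client IP" lets the sender pick the address that
gets logged or compared against allow/deny lists. The safe version trusts
the header only when the direct peer is a known proxy, and then takes the
right-most address that is not one of our own hops.
"""
import ipaddress

# Assumption for the example: our own reverse proxies live in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def naive_client_ip(headers, remote_addr):
    """Vulnerable pattern: prefer the client-supplied header over the peer address."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        # First element is the one the *sender* controls; a direct attacker
        # sets it to whatever address suits them.
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted_proxy(addr):
    """True if addr parses as an IP inside one of our proxy networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def proxy_aware_client_ip(headers, remote_addr):
    """Honour X-Forwarded-For only when it was appended by a proxy we operate.

    Each trusted proxy appends the address it saw, so the trustworthy client
    address is the right-most hop that is not itself one of our proxies.
    """
    if not _is_trusted_proxy(remote_addr):
        # Direct connection (or an unknown intermediary): the header could
        # have been written by the attacker, so ignore it entirely.
        return remote_addr
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue  # one of our own proxies; keep walking left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # garbage in the header; fall back to the peer
        return hop
    # Header empty or made only of our own proxies: nothing better than the peer.
    return remote_addr


def is_blocked(client_ip, blocklist):
    """An IP-based check of the kind a spoofed header defeats."""
    return client_ip in blocklist


if __name__ == "__main__":
    blocklist = {"203.0.113.7"}  # constructed: the attacker's real address
    # Attacker connects directly and claims to be localhost.
    direct = {"X-Forwarded-For": "127.0.0.1"}
    print("naive:", naive_client_ip(direct, "203.0.113.7"),
          "blocked?", is_blocked(naive_client_ip(direct, "203.0.113.7"), blocklist))
    print("aware:", proxy_aware_client_ip(direct, "203.0.113.7"),
          "blocked?", is_blocked(proxy_aware_client_ip(direct, "203.0.113.7"), blocklist))
    # Attacker behind our proxy 10.0.0.5, which appended the real address.
    via_proxy = {"X-Forwarded-For": "1.2.3.4, 203.0.113.7"}
    print("naive via proxy:", naive_client_ip(via_proxy, "10.0.0.5"))
    print("aware via proxy:", proxy_aware_client_ip(via_proxy, "10.0.0.5"))
```

In the direct-connection case the naive resolver reports 127.0.0.1 and the blocklist check passes, which is exactly the data manipulation the advisory is about; the proxy-aware resolver returns the peer address and the check fires. Which networks count as trusted proxies is deployment-specific and must never include arbitrary client ranges.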
