U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2020-35539

Change History

CVE Modified by Red Hat, Inc. 12/07/2022 1:15:09 PM

Action Type Old Value New Value
Removed CWE 
Red Hat, Inc. CWE-20
 

								
								
					

					

						Changed
						Description
						
							
							
								
							
								
A flaw was found in Wordpress 5.1. "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X-Forwarded-For header instead of original IP, various issues may be faced. If the data originating from these fields is trusted by the application developers and processed, any authorization checks originating IP address logging could be manipulated.

								
							
							
								
							
						
								
							
								
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

								
								
					

					

						Removed
						Reference
						
							
							
								
							
								
https://seclists.org/fulldisclosure/2021/Mar/24 [Mailing List, Third Party Advisory]