I. VULNERABILITY ------------------------- Data Manipulation with X-Forwarded-For header at WordPress II. CVE REFERENCE ------------------------- CVE-2020-35539 III. VENDOR ------------------------- https://wordpress.org IV. TIMELINE ------------------------- 20/12/2020 Vulnerability discovered 21/12/2020 Vendor contacted 09/03/2021 CVE Assigned V. CREDIT ------------------------- Alphan Yavas VI. DESCRIPTION ------------------------- "X-Forwarded-For" is a HTTP header used to carry the client's original IP address. However, because these headers may very well be added by the client to the requests, if the systems/devices use IP addresses which decelerate at X