Improper Preservation of Consistency Between Independent Representations of Shared State Affecting johnpbloch/wordpress-core package, versions >=4.7.0, <4.7.27>=4.8.0, <4.8.23>=4.9.0, <4.9.24>=5.0.0, <5.0.20>=5.1.0, <5.1.17>=5.2.0, <5.2.19>=5.3.0, <5.3.16>=5.4.0, <5.4.14>=5.5.0, <5.5.13>=5.6.0, <5.6.12>=5.7.0, <5.7.10>=5.8.0, <5.8.8>=5.9.0, <5.9.8>=6.0.0, <6.0.6>=6.1.0, <6.1.4>=6.2.0, <6.2.3>=6.3.0, <6.3.2
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PHP-JOHNPBLOCHWORDPRESSCORE-8653182
- published22 Jan 2025
- disclosed12 Oct 2023
- credits5s, raouf_maklouf
Introduced: 12 Oct 2023
CVE NOT AVAILABLE CWE-1250 (opens in a new tab)How to fix?
Upgrade johnpbloch/wordpress-core to version 4.7.27, 4.8.23, 4.9.24, 5.0.20, 5.1.17, 5.2.19, 5.3.16, 5.4.14, 5.5.13, 5.6.12, 5.7.10, 5.8.8, 5.9.8, 6.0.6, 6.1.4, 6.2.3, 6.3.2 or higher.
Overview
johnpbloch/wordpress-core is a web software you can use to create a website or blog.
Affected versions of this package are vulnerable to Improper Preservation of Consistency Between Independent Representations of Shared State due to the improper handling of the X-HTTP-Method-Override header in REST endpoint requests that return a 4xx error, which could be cached and lead to service disruption.
Note:
This is only exploitable if the server is configured to cache error responses.