[wp-trac] [WordPress Trac] #63940: Prevent POST flood cache bypass attacks
WordPress Trac
noreply at wordpress.org
Sat Sep 6 07:53:52 UTC 2025
#63940: Prevent POST flood cache bypass attacks
-------------------------------+-----------------------------
Reporter: prestonwordsworth | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.8.2
Severity: normal | Keywords:
Focuses: |
-------------------------------+-----------------------------
When a POST request is sent to a regular page with no data/body, a 200
response containing the page content is returned just like with a GET
request.
We have seen such requests being used to bypass our caching system.
Would it be possible for WP to return 405 when a page isn’t supposed to
receive POST requests?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63940>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list