#598124 wordpress: XML-RPC interface returns HTTP 200 for GET (should be 405)

Package:
wordpress
Source:
wordpress
Submitter:
Tim Bannister
Date:
2023-01-27 23:03:02 UTC
Severity:
minor
Tags:
#598124#5
Date:
2010-09-26 17:01:03 UTC
From:
To:
Package: wordpress
Version: 3.0.1-2~bpo50+1
Severity: minor

Wordpress includes an XML-RPC interface, provided xmlrpc.php
If a user agent makes an HTTP GET request for the XML-RPC interface, Wordpress
responds with a 200 "OK" response. As the server is declining to accept a GET,
this should really be HTTP 405 "Method Not Allowed" with a suitable Allow:
header.

Here's an example HTTP response:

HTTP/1.1 200 OK
Date: Sun, 26 Sep 2010 16:59:05 GMT
Server: Apache/2.2
Cache-Control: max-age=0
Expires: Sun, 26 Sep 2010 16:59:05 GMT
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8

XML-RPC server accepts POST requests only.

#598124#14
Date:
2017-01-06 08:06:36 UTC
From:
To:
Dear Customer,

This is to confirm that your item has been shipped at January 05.

Please check the attachment for complete details!

With sincere thanks,
Vernon Saunders,
Support Agent.

#598124#19
Date:
2023-01-27 21:16:26 UTC
From:
To:
Notice of safety certificate

Dear user: [RECEIVER ADDRESS]

To further enhance the security of the email system

Recently, our department has updated the security certificates of each email system.

Please move the new certificate in time,

All the e-mail accounts that hadn't updated the security certificate in time would be suspended from receiving and sending messages.

If they needed to recover, they had to apply for it through OA.

[Click to log in]