Description
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Security Bypass (1.12)
WordPress Plugin Search Everything SQL Injection (7.0.2)
WordPress Plugin WP Statistics SQL Injection (12.6.6.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)