Description
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Remediation
References
Related Vulnerabilities
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)
MySQL CVE-2019-2808 Vulnerability (CVE-2019-2808)
WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)
WordPress Plugin WP-Forum 'sendmail.php' SQL Injection (1.7.8)
WordPress Plugin Daily Inspiration Generator Open Redirect (2.0)