Description
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-2552 Vulnerability (CVE-2020-2552)
Apache Tomcat CVE-2018-1305 Vulnerability (CVE-2018-1305)
WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)
WordPress Plugin Media Library Assistant PHP Object Injection (2.60)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6112)