Description

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

Remediation

References

CVE-2019-17673

Related Vulnerabilities

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2018-20826)

WordPress Plugin Special Text Boxes Arbitrary File Upload (5.1.90)

WordPress Plugin Acobot Live Chat & Contact Form Multiple Vulnerabilities (2.0)

Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4)

Drupal Core 8.x.x Directory Traversal (8.0.0 - 8.5.15)

Severity

High

Classification

CVE-2019-17673 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities