cve/2019/CVE-2019-17673.md

CVE-2019-17673

Description

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

POC

Reference

• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Github

• https://github.com/20142995/nuclei-templates
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Afetter618/WordPress-PenTest
• https://github.com/AurelienADVANCED/ProjetBlogger
• https://github.com/El-Palomo/DerpNStink
• https://github.com/El-Palomo/SYMFONOS
• https://github.com/NeoOniX/5ATTACK
• https://github.com/namhikelo/Symfonos1-Vulnhub-CEH