cve/2019/CVE-2019-17673.md

CVE-2019-17673

Description

WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.

POC

Reference

• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
• https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/Afetter618/WordPress-PenTest
• https://github.com/El-Palomo/DerpNStink
• https://github.com/El-Palomo/SYMFONOS
• https://github.com/namhikelo/Symfonos1-Vulnhub-CEH