WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
{ "binaries": [ { "binary_version": "4.4.2+dfsg-1ubuntu1", "binary_name": "wordpress" }, { "binary_version": "4.4.2+dfsg-1ubuntu1", "binary_name": "wordpress-l10n" }, { "binary_version": "4.4.2+dfsg-1ubuntu1", "binary_name": "wordpress-theme-twentyfifteen" }, { "binary_version": "4.4.2+dfsg-1ubuntu1", "binary_name": "wordpress-theme-twentyfourteen" }, { "binary_version": "4.4.2+dfsg-1ubuntu1", "binary_name": "wordpress-theme-twentysixteen" } ] }
{ "binaries": [ { "binary_version": "4.9.5+dfsg1-1", "binary_name": "wordpress" }, { "binary_version": "4.9.5+dfsg1-1", "binary_name": "wordpress-l10n" }, { "binary_version": "4.9.5+dfsg1-1", "binary_name": "wordpress-theme-twentyfifteen" }, { "binary_version": "4.9.5+dfsg1-1", "binary_name": "wordpress-theme-twentyseventeen" }, { "binary_version": "4.9.5+dfsg1-1", "binary_name": "wordpress-theme-twentysixteen" } ] }