I am conducting a penetration test on a WordPress site and I can observe the same issue. This is typically a low risk vulnerability.
If a user uses a public computer such as in a library, the next user might still be able to somehow retrieve the original cookie before logout and use that to get access to your account.
OWASP explains the problem in their security testing guide
EDIT: So in my case the website did not use the native WordPress logout but some plugin logout for an e-commerce website. I believe the issue lies in the plugin.
When using /wp-login.php?action=logout, all necessary WordPress cookies get cleared. But this might overlook some logout for some plugins.
So to answer the question above, check the logout link used. Is it not wp-login.php?action=logout, then this is not the native WordPress logout and you need to investigate why the website uses another logout function (probably part of a plugin).