Description
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
Remediation
References
Related Vulnerabilities
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2023-45369)
WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.15)
PHP Out-of-bounds Read Vulnerability (CVE-2019-11042)
WordPress Plugin All Post Contact Form Arbitrary File Upload (1.1.4)