Description
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
Remediation
References
Related Vulnerabilities
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)
Oracle Database Server CVE-2005-4884 Vulnerability (CVE-2005-4884)
WordPress 4.1.x Prototype Pollution (4.1 - 4.1.34)
WordPress Plugin JW Player 6 Cross-Site Scripting (2.1.14)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)