CVE-2006-2702

Name of the Vulnerable Software and Affected Versions WordPress version 2.0.2

Description The issue allows remote attackers to spoof their IP address. This is achieved by sending a PC REMOTE ADDR HTTP header, which is used by vars.php to redefine the REMOTE ADDR variable in the $ SERVER superglobal.

Recommendations For WordPress version 2.0.2, consider modifying vars.php to prevent the redefinition of $ SERVER['REMOTE ADDR'] based on the PC REMOTE ADDR HTTP header as a temporary workaround until a patch is available.