0.025 Low
EPSS
Percentile
90.1%
Because of this vulnerability in vars.php, the attackers can spoof their IP address via a PC_REMOTE_ADDR HTTP header and include a remote file.
Update the WordPress to the latest available version (at least 2.0.3).
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2702