URL has been copied successfully!
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.Adam Kues at Assetnote, Searchlight Cyber’s attack surface management arm, found the flaw and reported

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link