Critical wp2shell WordPress Core Flaw Disclosed, Allowing Unauthenticated Remote Code Execution

AI-generated NewsSnap summary based on source reporting.
Published: 2026-07-18
Category: technology
Source: The Hacker News

A significant vulnerability, dubbed 'wp2shell', in WordPress core (versions 6.9 and 7.0) has been fully disclosed, enabling unauthenticated attackers to achieve remote code execution. The flaw, comprising a REST API batch-route confusion (CVE-2026-63030) and a SQL injection (CVE-2026-60137), now has a public proof-of-concept, necessitating immediate patching for all WordPress site administrators.

Want more?

Open NewsSnap.ai for the full app experience, including audio, personalization, and more news tools.

Open NewsSnap.ai