Unauthenticated wp2shell flaw in WordPress core allows remote code execution
Source headline: New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
Intelligence Summary
WordPress core contains a vulnerability referred to as wp2shell that allows an unauthenticated HTTP request to run code. A fresh WordPress installation with no additional plugins can be exploited. The issue was present across WordPress 6.9 and 7.0 releases prior to the latest patch rollout. WordPress later shipped fixes via forced auto-updates to bring sites to newer versions. Site owners should ensure they are updated to the patched releases and verify auto-update status.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.