ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Vulnerabilities

Unauthenticated wp2shell flaw in WordPress core allows remote code execution

Source headline: New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

WordPress core contains a vulnerability referred to as wp2shell that allows an unauthenticated HTTP request to run code. A fresh WordPress installation with no additional plugins can be exploited. The issue was present across WordPress 6.9 and 7.0 releases prior to the latest patch rollout. WordPress later shipped fixes via forced auto-updates to bring sites to newer versions. Site owners should ensure they are updated to the patched releases and verify auto-update status.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#rce #open-source #unauthenticated #wordpress #wp2shell
Original reporting The Hacker News New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
Open original source