CRITICALAdvisoryJul 19, 2026
Action required
Identify and patch all WordPress installations to versions 6.9.5 or 7.0.2 immediately. Hunt logs for REST API batch-route requests and SQL injection patterns targeting wp_users and wp_options tables. Block or isolate any WordPress instances still running 6.9.x or 7.0.x pending patching.
Affected products
WordPress CoreWordPress.orgSearchlight CyberCloudflare
CVE IDs