[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:wordpress-core-wp2shell-rce-flaws-get-public-exploits-patch-now-mrr9w7gc":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":14,"action_required":19,"article_ids":20,"ioc_summary":22,"source_urls":23,"status":25,"expires_at":26,"created_at":27,"updated_at":28,"articles":29},"051db5ae-b720-454a-b450-ef7d0b1911ba","WordPress Core \"wp2shell\" RCE flaws get public exploits, patch now","wordpress-core-wp2shell-rce-flaws-get-public-exploits-patch-now-mrr9w7gc","Critical unauthenticated RCE vulnerabilities in WordPress Core (CVE-2026-63030, CVE-2026-60137) are actively exploited via public PoCs. The wp2shell attack chains REST API and SQL injection flaws to achieve code execution on default installations of WordPress 6.9.x and 7.0.x. All affected WordPress instances are at immediate risk.","critical","advisory",[12,13],"CVE-2026-63030","CVE-2026-60137",[15,16,17,18],"WordPress Core","WordPress.org","Searchlight Cyber","Cloudflare","Identify and patch all WordPress installations to versions 6.9.5 or 7.0.2 immediately. Hunt logs for REST API batch-route requests and SQL injection patterns targeting wp_users and wp_options tables. Block or isolate any WordPress instances still running 6.9.x or 7.0.x pending patching.",[21],"ab3511bc-123f-4845-acec-bf792b17b6a3",null,[24],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fwordpress-core-wp2shell-rce-flaws-get-public-exploits-patch-now\u002F","active","2026-07-21T04:05:36.459+00:00","2026-07-19T04:05:39.215132+00:00","2026-07-19T04:10:07.485401+00:00",[30],{"id":21,"title":6,"url":24}]