HackerFeeds

CyberSecurity News

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

The Hacker News
· July 17, 2026

AI summary

A vulnerability in the WordPress core allows unauthenticated attackers to run code on a WordPress site via an anonymous HTTP request. This flaw can be exploited even on a bare install with no plugins. WordPress sites running versions 6.9 and 7.0 were vulnerable until updates 6.9.5 and 7.0.2 were released. The updates were automatically applied through WordPress's auto-update system. The vulnerability was discovered by Adam Kues at Assetnote, a division of Searchlight Cyber. WordPress has since mitigated the issue with the release of the updated versions.

Read the full article at The Hacker Newsthehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html

This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.