Back to all news
Security

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

The Hacker News·July 17, 2026·1 min read
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

A new WordPress core flaw, wp2shell, lets unauthenticated attackers run code via an anonymous HTTP request. Every 6.9 and 7.0 site was exploitable until Friday, when WordPress shipped versions 6.9.5 and 7.0.2 with forced auto-updates. Adam Kues at Assetnote discovered and reported the vulnerability.

Read at The Hacker News
Daily crypto arcade

Read the news, then play it.

Chainshorts turns crypto headlines into a daily game. Catch up in 60 words, then jump into daily lucky draws for a shot at the pot.

Open ChainshortsGet it on the Solana dApp Store