Security
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
The Hacker News·July 17, 2026·1 min read
A new WordPress core flaw, wp2shell, lets unauthenticated attackers run code via an anonymous HTTP request. Every 6.9 and 7.0 site was exploitable until Friday, when WordPress shipped versions 6.9.5 and 7.0.2 with forced auto-updates. Adam Kues at Assetnote discovered and reported the vulnerability.
Read at The Hacker NewsDaily crypto arcade
Read the news, then play it.
Chainshorts turns crypto headlines into a daily game. Catch up in 60 words, then jump into daily lucky draws for a shot at the pot.
