Critical remote code execution vulnerability patched in WordPress core
A critical unauthenticated remote code execution vulnerability, tracked as CVE-2026-63030 and dubbed wp2shell, was discovered in WordPress Core versions 6.9.0 through...
Why now: The vulnerability was publicly disclosed on July 17, 2026, with patches released immediately.
- advisories.ncsc.nl • advisories.ncsc.nlNCSC NL Security Advisories
- rapid7.com • www.rapid7.comRapid7 Blog