Signal
Critical remote code execution vulnerability patched in WordPress core
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-07-17 22:23 UTCUpdated 2026-07-18 11:01 UTC
rss
cvevulnerabilitywordpressremote_code_executionsecurity_advisory
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (2 domains)domains are deduped. counts indicate coverage, not truth.2 top sources shown
limited source diversity in top sources
Overview
A critical unauthenticated remote code execution vulnerability, tracked as CVE-2026-63030 and dubbed wp2shell, was disclosed on July 17, 2026.
Score total
0.99
Momentum 24h
2
Posts
2
Origins
2
Source types
1
Duplicate ratio
0%
Why now
- The vulnerability was publicly disclosed on July 17, 2026, with immediate patches released.
- Security advisories warn of imminent exploitation attempts due to the flaw's severity.
- Organizations running affected WordPress versions must update urgently to mitigate risk.
Why it matters
- WordPress is one of the most widely deployed content management systems globally.
- The vulnerability allows unauthenticated remote code execution, risking full site compromise.
- Prompt patching is critical to prevent exploitation by attackers.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- An unauthenticated remote code execution vulnerability affects WordPress Core versions 6.9.0-6.9.4 and 7.0.0-7.0.1, allowing arbitrary code execution via the REST API batch endpoint.
How sources frame it
- NCSC NL Security Advisories And Rapid7 Labs: neutral
This critical WordPress vulnerability underscores the importance of timely patching for widely used CMS platforms.
All evidence
All evidence
NCSC-2026-0250 [1.00] [H/M] Kwetsbaarheden verholpen in WordPress door Automattic
NCSC NL Security Advisories · advisories.ncsc.nl · 2026-07-18 11:01 UTC
CVE-2026-63030: wp2shell a Critical Remote Code Execution Vulnerability in WordPress Core
Rapid7 Blog · rapid7.com · 2026-07-17 22:23 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -
Showing 2 / 0
Top publishers (this list)
- NCSC NL Security Advisories (1)
- Rapid7 Blog (1)
Top origin domains (this list)
- advisories.ncsc.nl (1)
- rapid7.com (1)