Signal

Critical remote code execution vulnerabilities exploited in Microsoft SharePoint and WordPress core

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-17 06:42 UTCUpdated 2026-07-17 22:23 UTC
rss
cveexploitssecurity_advisoriesincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Overview

In July 2026, two critical remote code execution vulnerabilities were actively exploited in widely used software platforms.

Entities
MicrosoftWordPressCloudflareSearchlight Cyber
Score total
1.46
Momentum 24h
4
Posts
4
Origins
3
Source types
1
Duplicate ratio
0%
Why now
  • Active exploitation of CVE-2026-58644 in SharePoint was confirmed shortly after disclosure in July 2026.
  • CISA mandated federal agencies to patch the SharePoint vulnerability by July 19, 2026.
  • WordPress patched CVE-2026-63030 in versions released immediately after vulnerability disclosure.
Why it matters
  • Both vulnerabilities allow unauthenticated attackers to execute arbitrary code, risking full system compromise.
  • Microsoft SharePoint and WordPress are widely deployed, increasing potential impact across enterprises and websites.
  • CISA’s inclusion of the SharePoint flaw in its KEV catalog underscores the severity and urgency of remediation.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • CVE-2026-58644 is a critical unauthenticated remote code execution vulnerability in Microsoft SharePoint Server actively exploited in the wild.
  • CVE-2026-63030 (wp2shell) is a critical unauthenticated remote code execution vulnerability in WordPress Core affecting versions 6.9.0 to 7.0.1, patched in 6.9.5 and 7.0.2.
How sources frame it
  • Rapid7: neutral
  • SecurityWeek: neutral
  • The Hacker News: neutral
  • Rapid7 Labs: neutral
This briefing highlights urgent patching needs for critical RCE vulnerabilities in Microsoft SharePoint and WordPress core actively exploited in July 2026.
All evidence
All evidence
Rapid7 Blog
rapid7.com · rapid7.com · 2026-07-17 18:18 UTC
Fresh SharePoint Vulnerability Exploited Soon After Disclosure
SecurityWeek · securityweek.com · 2026-07-17 07:15 UTC
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV
thehackernews · thehackernews.com · 2026-07-17 06:42 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 3Duplicates: -
Showing 4 / 0
Top publishers (this list)
  • rapid7.com (1)
  • SecurityWeek (1)
  • thehackernews (1)
  • Rapid7 Blog (1)
Top origin domains (this list)
  • rapid7.com (2)
  • securityweek.com (1)
  • thehackernews.com (1)