Wireby Fusion42
Read this story on the live Wire →

Wire · founder news, decoded · regulatory

WordPress Core "wp2shell" RCE flaws get public exploits, patch now

Critical remote code execution flaws (CVE-2026-63030 and CVE-2026-60137) in WordPress Core versions 6.9.x and 7.0.x can be chained together for unauthenticated RCE; public exploits are now available and WordPress has enabled forced automatic updates.

The Wire takeaway

If you build on WordPress — whether hosted SaaS, agency, or plugin — your entire customer base needs to patch in the next 48 hours or face remote takeover; this is the infrastructure event that forces you to move patch cycles to the top of your roadmap.

Read the full story at bleepingcomputer.com

Topics: Cybersecurity · Enterprise Software · wordpress-rce · critical-patch · security-incident · rest-api-flaw · sql-injection

Related on Wire

Verified 18 July 2026 · Sources: Fusion42 review