Wire · founder news, decoded · regulatory
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released
A critical unauthenticated remote code execution vulnerability (wp2shell) affecting WordPress Core 6.9.0-7.0.1 puts 500m+ sites at risk; emergency patches released as 7.0.2, 6.9.5, and 6.8.6.
This Wire brief sits within Fusion42's coverage of Cybersecurity. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.
The Wire takeaway
If your product sits on WordPress or sells to WordPress agencies, your entire customer base is now a target for unauthenticated takeover until they patch to 7.0.2 or 6.9.5. You have a narrow window to force updates across your customer fleet before active exploitation starts.
Read the full story at cybersecuritynews.com →
Topics: Cybersecurity · wordpress-security · rce-vulnerability · cve-2026-63030 · saas-risk · emergency-patch