Wireby Fusion42
Read this story on the live Wire →

Wire · founder news, decoded · regulatory

New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released

A critical unauthenticated remote code execution vulnerability (wp2shell) affecting WordPress Core 6.9.0-7.0.1 puts 500m+ sites at risk; emergency patches released as 7.0.2, 6.9.5, and 6.8.6.

This Wire brief sits within Fusion42's coverage of Cybersecurity. Wire is Fusion42's founder-focused intelligence feed: each story is connected to the funds and startups it names — every one with a live profile on Raise or Scout — so founders can follow the capital and the momentum behind the headline rather than just the headline itself. Wire analysis is one of the live surfaces Arthur, Fusion42's AI co-founder, reasons over.

The Wire takeaway

If your product sits on WordPress or sells to WordPress agencies, your entire customer base is now a target for unauthenticated takeover until they patch to 7.0.2 or 6.9.5. You have a narrow window to force updates across your customer fleet before active exploitation starts.

Read the full story at cybersecuritynews.com

Topics: Cybersecurity · wordpress-security · rce-vulnerability · cve-2026-63030 · saas-risk · emergency-patch

Related on Wire

Verified 18 July 2026 · Sources: Fusion42 review

New wp2shell RCE Vulnerability Hits Millions of WordP… | Fusion42