New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.

Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.

Adam Kues at Assetnote, Searchlight Cyber’s attack surface management arm, found the flaw and reported

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

AI can’t be listed as inventor on patent applications, Japan’s top court rules

AI can’t be listed as inventor on patent applications, Japan’s top court rules Source: Hacker News

Lithuanian startup launches open-source network to detect Shahed-type drones

Lithuanian startup launches open-source network to detect Shahed-type drones Source: Hacker News

Hacker News but for Independent Blogs

Hacker News but for Independent Blogs Source: Hacker News