New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.

Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.

Adam Kues at Assetnote, Searchlight Cyber’s attack surface management arm, found the flaw and reported

Source: The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified

The Short Leash AI Coding Method for Beating Fable

The Short Leash AI Coding Method for Beating Fable Source: Hacker News