nygazet.com logo
New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
technology

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

1 min read

WordPress 6.9.5 and 7.0.2 patch wp2shell, a pre-auth core RCE that lets anonymous attackers run code on default installs, even with no plugins.

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls for... [4349 chars]

Read Original Article

Source: The Hacker News

Visit Source

Share this article