{"id":8963,"date":"2026-07-17T22:11:28","date_gmt":"2026-07-17T22:11:28","guid":{"rendered":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/17\/new-wp2shell-wordpress-core-flaw-lets-unauthenticated-attackers-run-code\/"},"modified":"2026-07-17T22:11:28","modified_gmt":"2026-07-17T22:11:28","slug":"new-wp2shell-wordpress-core-flaw-lets-unauthenticated-attackers-run-code","status":"publish","type":"post","link":"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/17\/new-wp2shell-wordpress-core-flaw-lets-unauthenticated-attackers-run-code\/","title":{"rendered":"New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code"},"content":{"rendered":"<p>\u200bAn anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.<\/p>\n<p>Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.<\/p>\n<p>Adam Kues at Assetnote, Searchlight Cyber&#8217;s attack surface management arm, found the flaw and reported\u00a0An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable.<\/p>\n<p>Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system.<\/p>\n<p>Adam Kues at Assetnote, Searchlight Cyber&#8217;s attack surface management arm, found the flaw and reported\u00a0\u00a0The Hacker News<\/p>","protected":false},"excerpt":{"rendered":"<p>\u200bAn anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system. Adam Kues at&hellip;&nbsp;<a href=\"https:\/\/news.cybertechworld.co.in\/index.php\/2026\/07\/17\/new-wp2shell-wordpress-core-flaw-lets-unauthenticated-attackers-run-code\/\" class=\"\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code<\/span><\/a><\/p>\n","protected":false},"author":0,"featured_media":8964,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8963"}],"collection":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/comments?post=8963"}],"version-history":[{"count":0,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/posts\/8963\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media\/8964"}],"wp:attachment":[{"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/media?parent=8963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/categories?post=8963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news.cybertechworld.co.in\/index.php\/wp-json\/wp\/v2\/tags?post=8963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}