Emergency Patch Rolled Out After wp2shell RCE Threat Targets WordPress

1 min read
Source: CyberSecurityNews
Emergency Patch Rolled Out After wp2shell RCE Threat Targets WordPress
Photo: CyberSecurityNews
TL;DR Summary

A critical, pre-authentication remote code execution flaw named wp2shell in WordPress Core affects roughly 500 million+ sites. It stems from a REST API batch-route confusion that enables unauthenticated attackers to execute code on vulnerable WordPress installations. The issue affects WordPress core versions 6.9.0–6.9.4, 7.0.0–7.0.1 (and 7.1 beta); fixes have been shipped in WordPress 7.0.2 with backports to 6.8.6 and 6.9.5. WordPress is auto-updating affected sites, and admins should update immediately. If patching isn’t possible yet, block anonymous REST API access or the batch endpoints as temporary mitigations and use the wp2shell.com scanner to check exposure.

Share this article

Reading Insights

Total Reads

0

Unique Readers

11

Time Saved

24 min

vs 25 min read

Condensed

98%

4,80595 words

Want the full story? Read the original article

Read on CyberSecurityNews