Return to Threats

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

thehackernews.com 2026-07-18 AI supply chain Critical

What Happened

Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it. An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until

Why It Matters

The article reports on 'wp2shell', a critical WordPress core vulnerability (CVE-2026-63030 and CVE-2026-60137) that allows unauthenticated remote code execution on default, plugin-free installations via a REST API batch-route confusion chained with a SQL injection in WP_Query.[1][5][8] WordPress responded with emergency core updates (6.8.6, 6.9.5, 7.0.2, 7.1 beta2) and some vendors now block the vulnerable batch endpoint at the WAF level.[2][3][6] From a RealGround perspective, this demonstrates how a single upstream CMS flaw can compromise any AI agents or integrations running on or behind affected WordPress sites, highlighting the need to treat web platforms as part of the AI supply chain, maintain SBOMs for AI-facing stacks, and enforce patch management and WAF controls around AI endpoints. Organizations should assess whether any AI agents, chatbots, or model integrations rely on vulnerable WordPress instances and include such core software in AI security readiness and supply-chain risk reviews.

Healthcare Fintech SaaS SMB AI startups

RealGround Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html

Talk to AI CISO