Security · 12h ago
Critical Pre-Auth RCE Flaw Found in WordPress Core
A security researcher disclosed a pre-authentication remote code execution vulnerability in WordPress core, dubbed wp2shell. The flaw allows unauthenticated attackers to execute arbitrary commands on vulnerable sites. WordPress has not yet released a patch, leaving millions of sites exposed.
Meridian48 take
This is a severe, easily exploitable vulnerability in the world's most popular CMS, but the lack of a coordinated disclosure or patch timeline raises concerns about responsible handling.
wordpressrce