Two new high severity WordPress vulnerabilities, patch immediately!
Overview
WordPress has released a security update, version 7.0.2, to address two significant vulnerabilities that pose risks to users. The first vulnerability, identified as CVE-2026-60137, is a SQL injection issue that could allow attackers to manipulate databases. The second, also CVE-2026-60137, relates to a REST API batch-route confusion that could lead to remote code execution, potentially giving attackers full control over affected systems. The vulnerabilities affect WordPress version 6.9 and earlier. Users are strongly advised to update their installations immediately to mitigate the risks associated with these security flaws.
Key Takeaways
- Affected Systems: WordPress versions 6.9 and earlier are affected by the vulnerabilities.
- Action Required: Users should update to WordPress version 7.
- Timeline: Newly disclosed
Original Article Summary
The 7.0.2 WordPress security release addresses one critical and one high severity security issue. The vulnerabilities reported to the WordPress security team include: CVE-2026-60137 – A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo CVE-2026-60137 – A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at Assetnote / Searchlight Cyber Which versions of WordPress are vulnerable? WordPress 6.9 is affected by … More → The post Two new high severity WordPress vulnerabilities, patch immediately! appeared first on Help Net Security.
Impact
WordPress versions 6.9 and earlier are affected by the vulnerabilities.
Exploitation Status
The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.
Timeline
Newly disclosed
Remediation
Users should update to WordPress version 7.0.2 immediately to patch the vulnerabilities.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Vulnerability, Patch, and 2 more.