Critical

Week in review: High severity WordPress vulnerabilities, fake OAuth IDs bypass sign-in logs

Help Net Security

Overview

Last week, two high severity vulnerabilities were discovered in WordPress that require immediate attention from users and site administrators. The 7.0.2 security release addresses one critical issue along with a high severity problem, both of which could potentially expose websites to serious risks. WordPress users are urged to update their installations promptly to protect against possible exploitation. Additionally, there was a mention of an open-source research agent that poses risks when it interacts with live cloud accounts, emphasizing the importance of securing credentials. These vulnerabilities serve as a reminder of the ongoing need for vigilance in website security.

Key Takeaways

  • Affected Systems: WordPress versions prior to 7.0.2
  • Action Required: Update to WordPress version 7.
  • Timeline: Disclosed on [date not specified]

Original Article Summary

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Two new high severity WordPress vulnerabilities, patch immediately! The 7.0.2 WordPress security release addresses one critical and one high severity security issue. Cynative: Open-source deep research agent Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can … More → The post Week in review: High severity WordPress vulnerabilities, fake OAuth IDs bypass sign-in logs appeared first on Help Net Security.

Impact

WordPress versions prior to 7.0.2

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Disclosed on [date not specified]

Remediation

Update to WordPress version 7.0.2 or later.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability, Patch, Update, and 1 more.

Related Coverage

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 106

Security Affairs

The latest Malware Newsletter from Security Affairs includes several notable malware threats. One of these is CrashStealer, a C++ infostealer for macOS that masquerades as a crash reporter, targeting users to extract sensitive information. Another threat, Lucide Proxy, is exploiting student web proxies to create DDoS bots, potentially impacting educational institutions. Additionally, the AsyncAPI npm organization has been compromised, affecting about 2 million weekly downloads, which raises concerns for developers relying on these packages. Lastly, OkoBot is a sophisticated malware framework specifically designed to target cryptocurrency users, highlighting the ongoing risks in the digital currency space. These developments illustrate the evolving tactics of cybercriminals and the need for users and organizations to stay vigilant.

Jul 19, 2026

Security Affairs newsletter Round 586 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The latest Security Affairs newsletter reports on two significant cybersecurity issues. First, OpenSSL has addressed a vulnerability known as the HollowByte memory exhaustion bug, which could lead to service disruptions. Users of OpenSSL, particularly those running servers or applications that rely on this library, should ensure they update to the latest version to avoid potential downtime or denial-of-service attacks. Additionally, researchers have discovered Daxin, a malware that has been linked to China, still active on a manufacturer's network despite being over a decade old. This finding raises concerns about the long-term persistence of such malware and its ability to evade detection. Companies must remain vigilant and conduct thorough network security assessments to identify and eliminate such threats.

Jul 19, 2026

Hackers abuse ViPNet software to target Russian govt agencies

BleepingComputer

Hackers are exploiting the update mechanism of the ViPNet software, a private networking solution, to target Russian government agencies and other organizations. This sophisticated attack has raised concerns about the security of critical infrastructure in Russia, as ViPNet is widely used by various state entities. Researchers have identified the malicious activity, which indicates a significant threat to the integrity of communications within these agencies. The ability to manipulate software updates poses serious risks, as it could allow attackers to gain unauthorized access or disrupt operations. This incident underscores the need for heightened security measures and vigilance among users of ViPNet and similar products.

Jul 19, 2026

SonicWall SMA Zero-Days Exploited Before Disclosure to Gain Root Access

The Hacker News

A new threat actor, identified as UTA0533, has been exploiting zero-day vulnerabilities in SonicWall's Secure Mobile Access (SMA) 1000 series VPN appliances before these issues were publicly disclosed. This activity has been tracked since June 22, 2026, and was uncovered during an incident response investigation by cybersecurity firm Volexity. The attackers gained root access to systems, raising serious concerns about the security of organizations using these VPN appliances. This incident is particularly alarming as it highlights the potential risks associated with undisclosed vulnerabilities, which can be exploited by malicious actors before users have a chance to protect themselves. Organizations using SonicWall SMA appliances should be vigilant and prepare for potential impacts from these vulnerabilities.

Jul 19, 2026

Attackers Can Take Over WordPress Sites Using Newly Released wp2shell Exploits

Security Affairs

Recent discoveries have revealed serious vulnerabilities in WordPress, specifically two flaws tracked as CVE-2026-63030 and CVE-2026-60137. These vulnerabilities, known as wp2shell, can be exploited by attackers to execute code remotely without needing authentication. This means that anyone with these vulnerabilities can potentially take control of a WordPress site, particularly those running default configurations. The availability of public proof-of-concept exploits raises the urgency for website owners to address these flaws promptly, as they are now at greater risk of being targeted by malicious actors. It’s critical for users to be aware of these vulnerabilities and take immediate action to secure their sites.

Jul 19, 2026

Update now: 7-Zip fixes RCE flaw exploitable with malicious archives

BleepingComputer

7-Zip has released version 26.02 to address a serious remote code execution (RCE) vulnerability. This flaw allows attackers to execute malicious code on users' systems if they open specially crafted compressed files. Users of 7-Zip should update to the latest version to protect themselves from potential exploitation. The vulnerability is particularly concerning as it could be exploited easily by tricking users into opening harmful files. Keeping software up to date is crucial in maintaining security and preventing such attacks.

Jul 18, 2026