Attackers Can Take Over WordPress Sites Using Newly Released wp2shell Exploits
Overview
Recent discoveries have revealed serious vulnerabilities in WordPress, specifically two flaws tracked as CVE-2026-63030 and CVE-2026-60137. These vulnerabilities, known as wp2shell, can be exploited by attackers to execute code remotely without needing authentication. This means that anyone with these vulnerabilities can potentially take control of a WordPress site, particularly those running default configurations. The availability of public proof-of-concept exploits raises the urgency for website owners to address these flaws promptly, as they are now at greater risk of being targeted by malicious actors. It’s critical for users to be aware of these vulnerabilities and take immediate action to secure their sites.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: WordPress Core, default installations of WordPress.
- Action Required: Website owners should update their WordPress installations to the latest version to mitigate these vulnerabilities.
- Timeline: Newly disclosed
Original Article Summary
Public exploits are now available for two critical WordPress flaws that attackers can chain to gain remote code execution without authentication. Public proof-of-concept exploits are now available for the critical wp2shell vulnerabilities affecting WordPress Core. The flaws, tracked as CVE-2026-63030 and CVE-2026-60137, can be chained to achieve pre-authentication remote code execution on default WordPress installations […]
Impact
WordPress Core, default installations of WordPress.
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Website owners should update their WordPress installations to the latest version to mitigate these vulnerabilities. Regularly monitoring for updates and applying security patches as they become available is also recommended.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Vulnerability, Critical.