Critical Pre-Auth RCE Flaw Found in WordPress Core, Dubbed "wp2shell"
Medium · PHP · July 18, 2026
curated by Sönke
Security researcher Adam Kues of Searchlight Cyber disclosed a critical pre-authentication remote code execution vulnerability in WordPress core, named wp2shell, in July 2026. The flaw could let attackers compromise sites without valid credentials, putting the more than 500 million WordPress-powered websites at risk until patched or mitigated.
AI-generated summary (Sönke)