3 matches found
wp2shell
wp2shell WordPress REST batch route-confusion blind SQL injec...
WordPress Core 6.9-7.0.1 - Pre-Auth Blind SQL Injection (Batch-Route Confusion)
WordPress core versions 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1 are vulnerable to a pre-authentication timing-based blind SQL injection via the REST API batch endpoint. A route confusion vulnerability CVE-2026-63030 allows nested batch requests to bypass authentication checks, while a SQL...
CVE-2026-63030: wp2shell a Critical Remote Code Execution Vulnerability in WordPress Core
Overview On July 17, 2026, a GitHub Security Advisory was published for CVE-2026-63030, a critical unauthenticated remote code execution vulnerability affecting WordPress Core. While the official GitHub security advisory classifies the severity as Critical, the vulnerability has currently been...