2 hours ago · 22 min read4327 words · Tech · hide · 0 comments

TL;DR: wp2shell chains an unauth SQLi that can be used to obtain the admin password and then login to upload a vulnerable plugin for RCE. This can then be chained with a myriad of privilege escalation bugs to obtain root on the WP server.WordPress is one of the most common platforms out there for blogs and general sites, which is what makes it a prime target for researchers and adversaries alike. The codebase is mostly written in PHP and is on the 7th version with sub-versions and beta versions.This week a new bug was found and documented by AssetNote with all new bugs it has a name wp2shell and carries two CVEs (so far); CVE-2026-63030 & CVE-2026-60137.The bug itself as described in the CVE description is: WordPress Core is vulnerable to Remote Code Execution in all versions 6.9 to 7.0.1 via the REST API batch request endpoint (/wp-json/batch/v1). This is due to a route/validation desynchronization that allows a validated sub-request to be dispatched to an unintended callback,…

No comments yet. Log in to reply on the Fediverse. Comments will appear here.