New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released

A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full takeover by unauthenticated attackers. Security researcher Adam Kues of Searchlight Cyber’s Assetnote research team uncovered the flaw, which stems from a REST API batch-route confusion issue that leads to […]

The post New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: