PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain

On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase its impact to unauthenticated remote code execution and is identified as CVE-2026-63030. To protect WordPress …
Read More

The post PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain appeared first on Wordfence.

This article has been indexed from Blog – Wordfence

Read the original article: