New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

Summary

A critical vulnerability in WordPress core allows unauthenticated attackers to execute arbitrary code on affected sites. This flaw impacts WordPress versions 6.9 and 7.0, but has been addressed in recent updates (6.9.5 and 7.0.2) which are being automatically applied by the WordPress update system.

IFF Assessment

FOE

This vulnerability allows unauthenticated attackers to execute arbitrary code, posing a significant risk to the confidentiality, integrity, and availability of WordPress websites.

Severity

9.8 Critical (AI Estimated)

This vulnerability is rated critical due to its high impact and ease of exploitation. An unauthenticated attacker can remotely execute code with no privileges required, leading to complete system compromise.

Defender Context

This vulnerability highlights the ongoing threat of unauthenticated code execution in widely used web platforms. Defenders should ensure their WordPress installations are updated to the latest versions immediately and monitor for any signs of exploitation. The automatic update mechanism should mitigate much of the risk, but vigilance remains key.

Read Full Story →