Issue
A critical pre-authentication WordPress RCE vulnerability to SQL injection ("wp2shell", CVSS 10.0) was reported as affecting WordPress 6.9.x < 6.9.5 and 7.0.x < 7.0.2 (CVE-2026-60137, CVE-2026-63030).
Environment
- Imunify360
- WordPress
Solution
The rules against wp2shell (CVE-2026-60137 and CVE-2026-63030) are in rollout, and will be delivered to the servers within a couple of hours (ruleset version 8.32 as per internal case WPT-2656).
Comments
0 comments
Please sign in to leave a comment.