New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
- New wp2shell flaw lets unauthenticated code execution on bare WordPress installs. Zero plugins needed. Every 6.9/7.0 site was vulnerable until Friday’s forced updates. Adam Kues at Assetnote found it. Vendor claims seriousness again. We're threadbare. Stop kidding yourself that security theater protects you. Check the seals. If you run WP, update now. No excuses. Delivery signature applied.