wp2shell - WordPress Core 6.9-7.0.1 - Pre-Auth Batch-Route Confusion leading to SQL Injection CVE-2026-63030
- Severity
- EPSS Score
- Not available
- EPSS Percentile
- Not available
- Vulnerability description
- Not available
- Risk description
- Not available
- Recommendation
- Not available
- References
- https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ff9f-jf42-662qhttps://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fpp7-x2x2-2mjfhttps://slcyber.io/research-center/wp2shell-pre-authentication-rce-in-wordpress-corehttps://www.aikido.dev/blog/unauthenticated-rce-in-wordpress-wp2shellhttps://wordpress.org/news/2026/07/wordpress-7-0-2-release/https://github.com/sergiointel/wp2shell-poc/
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Cisa Kev
- No
- Exploitable with Sniper
- No
- CVE Published
- Jul 17, 2026
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available
Detect this vulnerability now!
Check your clients' targets (or your own) for this vulnerability and thousands more! Get proof for validation with our ethical hacking toolkit.

