[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":52,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":59,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":65,"vulnerability-29451":72},[4,17,27,34,41,47],{"title":5,"slug":5,"text":6,"link":7,"external":8,"targets":9,"cta":15,"variant":16,"campaign_id":5},"wp2shell","Validate wp2shell: one-click detection & exploitation confirms exposed or patched WP targets.","https://pentest-tools.com/pricing",false,[10,11,12,13,14],"/","/network-vulnerability-scanning/network-security-scanner-online","/cms-vulnerability-scanning/wordpress-scanner-online-wpscan","/website-vulnerability-scanning/website-scanner","/product","Confirm the risk","secondary",{"title":18,"slug":19,"text":20,"link":21,"external":22,"targets":23,"cta":25,"variant":26,"campaign_id":5},"wp2shell (pricing)","wp2shell-p","Validate *wp2shell* exposure & mitigation! Detect with any plan. Exploit with Pentest Suite.","https://pentest-tools.com/vulnerabilities-exploits/wordpress-core-69-701-pre-auth-blind-sql-injection-batch-route-confusion_29451",true,[24],"/pricing","See CVE details","primary",{"title":28,"slug":29,"text":30,"link":7,"external":8,"targets":31,"cta":33,"variant":16,"campaign_id":5},"wp2shell (Sniper)","wp2shell-sniper","Validate wp2shell: one-click detection & exploitation confirms exposed or patched WP targets",[32],"exploit-helpers/sniper","Get it with Pentest Suite",{"title":35,"slug":36,"text":37,"link":7,"external":8,"targets":38,"cta":40,"variant":16,"campaign_id":5},"wp2shell (CVE page - detection)","wp2shell-cve-page","Validate wp2shell exposure & mitigation! Detect with any plan. Exploit with Pentest Suite.",[39],"/vulnerabilities-exploits/wordpress-core-69-701-pre-auth-blind-sql-injection-batch-route-confusion_29451","Explore plans",{"title":42,"slug":43,"text":44,"link":21,"external":8,"targets":45,"cta":25,"variant":16,"campaign_id":5},"wp2shell (Vuln DB homepage)","wp2shell-vuln-db","Emergency CVE response: detection & exploitation now available for *wp2shell*, the critical WP RCE chain",[46],"/vulnerabilities-exploits/",{"title":48,"slug":49,"text":37,"link":7,"external":8,"targets":50,"cta":40,"variant":16,"campaign_id":5},"wp2shell (CVE page - exploitation)","wp2shell-cve-page-exploit",[51],"/vulnerabilities-exploits/wp2shell-wordpress-core-690-694-and-700-701-pre-auth-batch-route-confusion-leading-to-sql-injection_29452",["Island",53],{"key":54,"params":55,"result":57},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":56},"{}",{"head":58},{},["Island",60],{"key":61,"params":62,"result":63},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":56},{"head":64},{},["Island",66],{"key":67,"params":68,"result":70},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":69},"{\"text-color\":\"gray\"}",{"head":71},{},{"id":73,"detectable_with":74,"vuln_details":81,"vuln_id":100,"name":101,"published":102,"updated":82},29451,{"tool":75,"engine":78},{"id":76,"name":77},1,"Network Scanner",{"id":79,"name":80},2,"Nuclei",{"id":73,"codename":82,"description":82,"severity":83,"risk_description":84,"public_description":85,"public_recommendation":86,"recommendation":82,"references":87,"cvssv3":94,"epss_score":95,"epss_percentile":96,"cve":97,"in_cisa_catalog":8,"date":99,"software_type":82,"vendor":82,"product":82,"ptt_exploit_capabilities":82},null,"critical","An unauthenticated attacker can read the entire WordPress database contents including user credentials (password hashes), posts, configuration, and any stored secrets. This enables full site compromise through credential extraction and offline password cracking. The original research demonstrated extracting admin password hashes and is working toward full remote code execution.","WordPress core versions 6.9.0 through 6.9.4 and 7.0.0 through 7.0.1 are vulnerable to a pre-authentication timing-based blind SQL injection via the REST API batch endpoint. A route confusion vulnerability (CVE-2026-63030) allows nested batch requests to bypass authentication checks, while a SQL injection flaw (CVE-2026-60137) in the author_exclude parameter of /wp/v2/categories allows arbitrary SQL queries via a SLEEP-based timing oracle. An unauthenticated attacker can extract the full database contents including user credentials.","Update WordPress immediately to version 6.9.5 or 7.0.2. As a temporary mitigation, block POST requests to /?rest_route=/batch/v1 at the WAF or reverse proxy level.",[88,89,90,91,92,93],"https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ff9f-jf42-662q","https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fpp7-x2x2-2mjf","https://slcyber.io/research-center/wp2shell-pre-authentication-rce-in-wordpress-core","https://www.aikido.dev/blog/unauthenticated-rce-in-wordpress-wp2shell","https://wordpress.org/news/2026/07/wordpress-7-0-2-release/","https://github.com/sergiointel/wp2shell-poc/",9.8,0.08946,0.94667,[98],"CVE-2026-63030","2026-07-17T00:00:00Z","NETSCAN-NUCLEI-CVE-CVE-2026-63030","wp2shell - WordPress Core 6.9-7.0.1 - Pre-Auth Batch-Route Confusion leading to SQL Injection","2026-07-18T00:00:00Z"]