{"vulnerability": "CVE-2026-60137", "sightings": [{"uuid": "ab4a0317-cdfb-4c8f-95d9-afcf0fd4b891", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqulbqes2k2a", "content": "CVE-2026-60137 - wordpress\nAn outdated version of WordPress allows hackers to inject malicious SQL code, potentially stealing sensitive data or taking control of the website. This is particularly concerning if you\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wordpress #CVE #infosec", "creation_timestamp": "2026-07-17T20:22:05.954349Z"}, {"uuid": "93d7c8a8-ff61-491d-8abb-f8a79bbbcf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mquqd5kxgq2i", "content": "CVE-2026-60137 - WordPress\nCVE ID : CVE-2026-60137\n \n Published : July 17, 2026, 8:17 p.m. | 17\u00a0minutes ago\n \n Description : WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the author__not_in parameter of WP_Query, which coul...", "creation_timestamp": "2026-07-17T21:52:22.244868Z"}, {"uuid": "f5b1c907-b1bd-45b3-a07d-8d646a19a18a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqursxmdqy2o", "content": "The watchTowr team is rapidly reacting to the Remote Code Execution vulnerability chain (CVE-2026-63030 and CVE-2026-60137) in WordPress Core across our client-base, a just-disclosed flaw in the REST API batch dispat\u2026\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2078238662827917416)", "creation_timestamp": "2026-07-17T22:19:07.251702Z"}, {"uuid": "c1eba3cf-60ed-4eff-8cdb-602fb94817c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://t.me/GithubRedTeam/93917", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wordpress-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Senanfurkan\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 00:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE in WordPress Core via REST API batch route confusion + WP_Query SQLi (CVE-2026-63030 / CVE-2026-60137). Detection PoC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T02:00:04.194638Z"}, {"uuid": "d54c7775-9f25-41d2-b6bc-415c72e74bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pingoru.bsky.social/post/3mqv5lssche27", "content": "\ud83d\udd34 Nexcess is reporting a Major Outage since 01:44 UTC\n\n\"WP2Shell Wordpress Core Critical Remote Code Execution Vulnerabilities, CVE-2026-60137 and\u2026\"\n\nAffects: Wordpress Core Updates\n\nLive timeline \u2192 https://pingoru.io/providers/nexcess/incidents/6534738\n\n#Nexcess #NexcessDown", "creation_timestamp": "2026-07-18T01:49:51.933679Z"}, {"uuid": "33803ae3-a89c-4295-8e1c-c939fafca002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pingoru.bsky.social/post/3mqv5sy6vwi2n", "content": "\ud83d\udd34 Liquid Web is reporting a Major Outage since 01:48 UTC\n\n\"WP2Shell Wordpress Core Critical Remote Code Execution Vulnerabilities, CVE-2026-60137 and CVE-2026-63030\"\n\nLive timeline \u2192 https://pingoru.io/providers/liquid-web/incidents/6534739\n\n#LiquidWeb #LiquidWebDown", "creation_timestamp": "2026-07-18T01:53:52.155389Z"}, {"uuid": "a0c619bd-b994-46c0-96f9-ee949161d3a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93933", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 47Cid\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 03:53:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEducational PoC + lab for CVE-2026-63030 + CVE-2026-60137: pre-auth SQLi in WordPress core via REST batch-route confusion\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T06:00:04.982155Z"}, {"uuid": "901ee37b-d5cb-4f9c-b046-21e92f2934a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mqvlxtsavk2d", "content": "\ud83d\udea8 wp2shell: RCE cr\u00edtic al nucli de WordPress, no en cap plugin. Una petici\u00f3 an\u00f2nima pot desembocar en execuci\u00f3 de codi al servidor. \nAfecta: 6.9.0\u20136.9.4 i 7.0.0\u20137.0.1. \nEs soluciona amb les versions: 7.0.2/6.9.5/6.8.6. \nCVE-2026-63030 i CVE-2026-60137.\nclaude.ai/public/artif...", "creation_timestamp": "2026-07-18T06:07:26.275197Z"}, {"uuid": "4372541d-aca3-4209-9e01-b792fe1cefe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://infosec.exchange/ap/users/116810780845358081/statuses/116939389643192070", "content": "\ud83d\udea8 CRITICAL: WordPress Core \"wp2shell\" RCE\nA single anonymous HTTP request can lead to Remote Code Execution on vulnerable WordPress Core installations.\n\u26a0\ufe0f No plugins.\u26a0\ufe0f No themes.\u26a0\ufe0f No authentication required.\nTracked as:\ud83d\udd34 CVE-2026-63030 (REST API Batch Route Confusion \u2192 RCE)\ud83d\udd34 CVE-2026-60137 (Facilitated SQL Injection)\nAffected versions\u2022 WordPress 6.9.0\u20136.9.4\u2022 WordPress 7.0.0\u20137.0.1\n\u2705 Update immediately to WordPress 6.9.5 or 7.0.2. Due to the severity, WordPress has enabled forced automatic security updates for affected installations.\n\ud83d\udd17 Full technical analysis:https://thecybersecguru.com/news/wordpress-core-rce-wp2shell/\n#WordPress #WordPressSecurity #wp2shell #CVE202663030 #CVE202660137 #RCE #RemoteCodeExecution #SQLInjection #RESTAPI #CyberSecurity #InfoSec #WebSecurity #WebsiteSecurity #PatchNow #ThreatIntelligence #BlueTeam #SOC #Linux #PHP #ZeroDay #SecurityResearch #SysAdmin #DevSecOps", "creation_timestamp": "2026-07-18T06:11:07.796792Z"}, {"uuid": "e6b48bd9-c876-4627-9315-c1fd6ecaae7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/365tipu.cz/post/3mqvmoh65uq2w", "content": "Pokud jste je\u0161t\u011b nektualizovali WordPress tak zbyst\u0159ee, jsou tam dv\u011b z\u00e1va\u017en\u00e9 chyby p\u0159\u00edmo v j\u00e1d\u0159e. CVE-2026-60137: SQL injection a CVE-2026-63030: Unauthenticated remote code execution.", "creation_timestamp": "2026-07-18T06:19:46.717219Z"}, {"uuid": "e20af41e-4141-49fe-b328-a593b904cf35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/javiercasares.com/post/3mqvn6wa3bs23", "content": "#WordPress #Seguridad\nSi usas WordPress 6.9, 6.9 o 7.0, actualiza a las \u00faltimas versiones disponibles. Hay unos parches de seguridad que corrigen 2 elementos cr\u00edticos (RCE / SQLi).\n- CVE-2026-60137: corrigen: 6.8.6 - 6.9.5 - 7.0.2\n- CVE-2026-63030: corrigen: 6.9.5 - 7.0.2", "creation_timestamp": "2026-07-18T06:28:59.354212Z"}, {"uuid": "1cdc74f2-12ca-41d4-bc8a-398569b35b36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mqvs5q5aac2z", "content": "#Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites. \nPatch now!:\n\ud83d\udc47\nthehackernews.com/2026/07/new-...", "creation_timestamp": "2026-07-18T07:57:46.344998Z"}, {"uuid": "8ba913e8-0720-4397-a254-54cb6664d1ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://t.me/thehackernews/9544", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n\n&gt; CVE-2026-63030 breaks REST batch routing\n&gt; CVE-2026-60137 injects SQL\n\nChained, they give an anonymous attacker code execution on affected WordPress sites.\n\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:00:04.021980Z"}, {"uuid": "91b90be2-1487-4da9-a1bd-119d8982305f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqvtts4tm22m", "content": "\ud83e\udd16 CVE-2026-63030 / CVE-2026-60137: SQL injection in WP REST API batch endpoint allows unauthenticated RCE on all 6.9/7.0 sites. PoC published.\nhttps://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:28:01.624087Z"}, {"uuid": "f8695508-e1f4-4b71-8e33-aa98b4ab0372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116940092329234240", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n&gt; CVE-2026-63030 breaks REST batch routing&gt; CVE-2026-60137 injects SQL\nChained, they give an anonymous attacker code execution on affected WordPress sites.\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:43:23.355743Z"}, {"uuid": "6b13234a-bd06-485c-90a1-a4c6e5e8f99e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93958", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WP2Shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NULL200OK\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 07:52:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nWP2Shell - CVE-2026-63030 / CVE-2026-60137 This tool exploits a critical SQL injection vulnerability in the WordPress REST API `/wp-json/batch/v1` endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and achieve Remote Code Execution (RCE) on vulnerable WordPress installations.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T09:00:04.366182Z"}, {"uuid": "12bcc2ef-749a-4bdd-b00a-271689b7f2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ekomsSavior\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 06:55:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (RCE) + CVE-2026-60137 (SQLi)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T09:00:04.452260Z"}, {"uuid": "42777219-dc50-4728-a7d3-fe43ffd2dba4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116940574604966863", "content": "wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis https://github.com/tcyph3r/wp2shell-cve-2026-63030-root-cause", "creation_timestamp": "2026-07-18T10:46:01.244626Z"}, {"uuid": "931724e0-84c1-47ee-a4eb-209d6a3bed32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mqw3knqcm7b2", "content": "wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis https://github.com/tcyph3r/wp2shell-cve-2026-63030-root-cause", "creation_timestamp": "2026-07-18T10:46:10.175485Z"}, {"uuid": "59e7bd5e-ec95-428c-bedf-90ce4898a0d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93979", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kulichr\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 10:08:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive checker for CVE-2026-63030 / CVE-2026-60137 (\"wp2shell\"), a pre-authentication RCE chain in WordPress core.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T12:00:03.634188Z"}, {"uuid": "4683a5b8-c0b9-4558-bfb0-301e91605d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mqweh3yqa42q", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nWordPress\u306e\u6df1\u523b\u5ea6\u300c\u7dca\u6025\u300d\u8106\u5f31\u6027 wp2shell \u306e\u6982\u8981\u3068\u5bfe\u5fdc\u6307\u91dd - GMO Flatt Security Blog\n\n2026\u5e747\u670817\u65e5\u3001\u8a8d\u8a3c\u4e0d\u8981\u3067\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u306e\u4efb\u610f\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306b\u3064\u306a\u304c\u308b\u8106\u5f31\u6027\u300cCVE-2026-63030\u300d\u300cCVE-2026-60137\u300d\u3092\u4fee\u6b63\u3057\u305fWordPress 6.8.6\u30016.9.5\u3001\u304a\u3088\u3073 7.0.2 \u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\uff08\u53c2\u8003\uff1aWordPress 7.0.2 Release\uff09\u3002 \u5f0a\u793e GMO Flatt Security \u30ea\u30b5\u30fc\u30c1\u30c1\u30fc\u30e0\u306e\u691c\u8a3c\u3067\u306f\u3001\u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u6a19\u6e96\u69cb\u6210\u3067\u3082\u3001\u7ba1...", "creation_timestamp": "2026-07-18T13:25:10.233202Z"}, {"uuid": "5c003ea9-c9ec-4767-bf1b-c8c3071863b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/ifin-intel.org/post/3mqweklzf2c2d", "content": "This now has two related CVEs: CVE-2026-63030 and CVE-2026-60137.", "creation_timestamp": "2026-07-18T13:27:07.339339Z"}, {"uuid": "7a288037-eb02-40b1-aa0e-9b9ef01e8119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3mqwffjjxf22o", "content": "#WordPress admins - we got you covered! \ud83e\udee1 \u2192 We've just shipped detection for #wp2shell through our Network Scanner. \u26a1\ufe0f The fastest way to use it is to:\n\n\u25c9 run a single-CVE scan for CVE-2026-63030 (also covers CVE-2026-60137 - the SQLi flaw that chains &amp; leads to RCE)\n\u25c9 Based on your scan results...", "creation_timestamp": "2026-07-18T13:42:16.124343Z"}, {"uuid": "efa92fde-e8ee-41eb-a3cf-e8b528bfd4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3mqwffnk6vk2o", "content": "#WordPress admins - we got you covered! \ud83e\udee1 \u2192 We've just shipped detection for #wp2shell through our Network Scanner. \u26a1\ufe0f The fastest way to use it is to:\n\n\u25c9 run a single-CVE scan for CVE-2026-63030 (also covers CVE-2026-60137 - the SQLi flaw that chains &amp; leads to RCE)\n\u25c9 Based on your scan results...", "creation_timestamp": "2026-07-18T13:42:16.609570Z"}, {"uuid": "9f3231c3-a373-4e7d-8152-ca3ce95921a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/kotosecurity.bsky.social/post/3mqwgkaiooz2c", "content": "\ud83d\udea8 VULN: WordPress core 'wp2shell' \u2014 CVE-2026-63030 (REST API batch-route confusion) chained with CVE-2026-60137 (SQLi) gives unauthenticated RCE on a bare install. Fixed in 6.9.5/7.0.2 (forced auto-update); 6.8.x SQLi fixed in 6.8.6. Public PoC live. Src: The Hacker News", "creation_timestamp": "2026-07-18T14:02:42.231810Z"}, {"uuid": "1b124a01-3e96-42f8-ab18-3467b8acf8d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mqwkbej5mv22", "content": "WordPress\u306b\u65b0\u305f\u306a\u9ad8\u6df1\u523b\u5ea6\u8106\u5f31\u60272\u4ef6\u3001\u76f4\u3061\u306b\u30d1\u30c3\u30c1\u9069\u7528\u3092!\n\n7.0.2\u7248\u306eWordPress\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30ea\u30ea\u30fc\u30b9\u3067\u306f\u3001\u6df1\u523b\u5ea6\u30af\u30ea\u30c6\u30a3\u30ab\u30eb1\u4ef6\u3068\u9ad8\u6df1\u523b\u5ea61\u4ef6\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u554f\u984c\u304c\u4fee\u6b63\u3055\u308c\u307e\u3057\u305f\u3002 WordPress\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30c1\u30fc\u30e0\u306b\u5831\u544a\u3055\u308c\u305f\u8106\u5f31\u6027\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059\u3002 CVE-2026-60137 \u2013 TF1T\u3001dtro\u3001haongo\u306e\u30c1\u30fc\u30e0\u306b\u3088\u3063\u3066\u5831\u544a\u3055\u308c\u305f...", "creation_timestamp": "2026-07-18T15:09:19.459912Z"}, {"uuid": "3705f691-7607-464b-98b2-b157df170785", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqwkcegsyy2c", "content": "It's Friday, so of course we can't have nice things! \n\nInitial technical analysis of #wp2shell CVE-2026-63030 and CVE-2026-60137 from the \n@VulnCheckAI\n research team \u2014 so far, it could be worse (but it's still\u2026\n\n\ud83d\udd01 RT @catc0n | reposted by @HackingLZ\nhttps://x.com/catc0n/status/2078306495817453717", "creation_timestamp": "2026-07-18T15:09:53.900661Z"}, {"uuid": "b31e7667-596d-4aaf-a201-a83b43fe89d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwovkrqbv2j", "content": "CVE-2026-60137: Two Critical WordPress Vulnerabilities Demand Immediate Action #WordPress #CVE2026 #CyberSecurity", "creation_timestamp": "2026-07-18T16:32:12.481351Z"}, {"uuid": "f97f0345-0093-4207-aa16-79fd04cce3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/secdb.bsky.social/post/3mqwmgleo3s2y", "content": "\ud83d\udea8 wp2shell affects multiple vulnerabilities (CVE-2026-63030, CVE-2026-60137)\n\nRunning WordPress? Check your versions and patch to 6.8.6/6.9.5/7.0.2. If you can't patch immediately, apply the mitigations in the meantime.\n\n\u2139\ufe0f secdb.nttzen.cloud/updates/a5a5...\n\n#infosec #wordpress #rce #sqlinjection", "creation_timestamp": "2026-07-18T15:48:05.376012Z"}, {"uuid": "ded0e68b-baad-4ca3-849b-47f629733c6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wordpress-poc-pubblico-per-lo-sfruttamento-delle-cve-2026-60137-e-cve-2026-63030", "content": "Disponibile Proof of Concept (PoC) per le vulnerabilit\u00e0 identificate dalle CVE-2026-60137 e CVE-2026-63030, gi\u00e0 sanate dal vendor, che interessa il prodotto WordPress Core.", "creation_timestamp": "2026-07-18T16:00:49.441683Z"}, {"uuid": "2798043a-6de6-4fce-ac74-273edca626b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-60137", "type": "seen", "source": "https://bsky.app/profile/davidgerard.circumstances.run.ap.brid.gy/post/3mqwo4mfczkf2", "content": "Update your WordPress to 7.0.2/6.9.5, it's important\n\nhttps://discourse.ifin.network/t/cve-2026-63030-and-cve-2026-60137-wp2shell-pre-auth-rce-in-wordpress-eitw/672/2", "creation_timestamp": "2026-07-18T16:18:20.800955Z"}, {"uuid": "47d8ffdb-a210-4f73-b0ae-4dab6cfbd1dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwoxeobuo2j", "content": "CVE-2026-60137: WordPress Vulnerabilities Demand Immediate Patching #WordPress #CVE2026 #Cybersecurity", "creation_timestamp": "2026-07-18T16:33:13.486182Z"}, {"uuid": "45ed2e8f-5d55-46b2-a79c-2009021753a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwoxglrkd25", "content": "CVE-2026-60137: WordPress Vulnerabilities Demand Immediate Action Amid Confusion #WordPress #CVE2026 #CyberSecurity", "creation_timestamp": "2026-07-18T16:33:15.079471Z"}, {"uuid": "9291c5eb-bc30-40c7-855a-dfc544893094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwoxiaae62j", "content": "CVE-2026-60137: WordPress Vulnerabilities Reveal Serious Patch Gaps #CVE2026 #WordPress #CyberSecurity", "creation_timestamp": "2026-07-18T16:33:16.931905Z"}, {"uuid": "b44c9c6a-20c7-4663-9132-9adaaebd69d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwoxjwxgn2y", "content": "CVE-2026-60137: WordPress Vulnerabilities Demand Patching, But What\u2019s the Evidence? #WordPress #CyberSecurity #Vulnerabilities", "creation_timestamp": "2026-07-18T16:33:19.514922Z"}, {"uuid": "0732a507-e14c-4f2a-9bde-93618c3be651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-60137", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwoxli4kv2u", "content": "CVE-2026-60137: Immediate Patches or a Misguided Response? #CVE202660137 #WordPressSecurity #Cybersecurity", "creation_timestamp": "2026-07-18T16:33:20.475464Z"}]}