{"vulnerability": "cve-2026-63030", "sightings": [{"uuid": "505aeac8-cc87-4698-8ac6-70db547135b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://chaos.social/users/christopherkunz/statuses/116937404931312120", "content": "@shellsharks New fodder for vulnerability.garden: wp2shell is  CVE-2026-63030  / https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ff9f-jf42-662q", "creation_timestamp": "2026-07-17T21:19:56.512978Z"}, {"uuid": "b24f7834-769f-4861-806b-e97ca3c27b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqursxmdqy2o", "content": "The watchTowr team is rapidly reacting to the Remote Code Execution vulnerability chain (CVE-2026-63030 and CVE-2026-60137) in WordPress Core across our client-base, a just-disclosed flaw in the REST API batch dispat\u2026\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2078238662827917416)", "creation_timestamp": "2026-07-17T22:19:07.207536Z"}, {"uuid": "a099dd80-0926-427b-8baf-450f57862ed0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://infosec.exchange/users/DarkWebInformer/statuses/116937771276303472", "content": "\u203c\ufe0f\ud83d\udea8 CVE-2026-63030 // wp2shell-poc: Proof-of-concept for an unauthenticated SQL injection in WordPress core that chains to remote code execution, via REST batch route confusion.\nPoC: https://github.com/Icex0/wp2shell-poc", "creation_timestamp": "2026-07-17T22:53:06.234260Z"}, {"uuid": "2ed14d89-b224-4fe2-aa05-a979f47ce93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/mentedehackers.bsky.social/post/3mqutu6oo4l2j", "content": "Vulnerabilidad cr\u00edtica CVE-2026-63030 permite ejecuci\u00f3n remota en WordPress\n\nUna falla cr\u00edtica en WordPress Core permite ejecuci\u00f3n remota de c\u00f3digo sin\u2026\n\nhttps://mentehackers.com/vulnerabilidad-critica-wordpress-ejecucion-remota-2fecc5d2\n#Ciberseguridad #Tecnologia #MenteHackers", "creation_timestamp": "2026-07-17T22:55:35.187183Z"}, {"uuid": "c3e27ce0-d4cd-496f-90bd-9b23feb8356c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93906", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Icex0\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-17 22:59:11\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T01:00:04.435995Z"}, {"uuid": "313fd943-785c-43be-a929-5093980177cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5hsbvy52p", "content": "CVE-2026-63030: WordPress Core's Remote Code Execution Threat Demands Urgent Action #WordPress #CyberSecurity #RemoteCodeExecution", "creation_timestamp": "2026-07-18T01:47:37.920098Z"}, {"uuid": "e5b38b32-833a-461e-a484-b7896f88afd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/GithubRedTeam/93917", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wordpress-cve-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Senanfurkan\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 00:44:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPre-auth RCE in WordPress Core via REST API batch route confusion + WP_Query SQLi (CVE-2026-63030 / CVE-2026-60137). Detection PoC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T02:00:04.305456Z"}, {"uuid": "d1a6b4a7-90b5-49e1-8926-743e48e2efde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5jkuofv2f", "content": "CVE-2026-63030: WordPress Core Vulnerability Exposes Sites to Total Compromise #WordPress #CyberSecurity #Vulnerability", "creation_timestamp": "2026-07-18T01:48:36.447589Z"}, {"uuid": "f1b80b4b-1ace-467f-9481-e614d15427e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5jmndsy2m", "content": "CVE-2026-63030: WordPress Core Faces Unprecedented Remote Code Risks #CVE202663030 #WordPress #CyberSecurity", "creation_timestamp": "2026-07-18T01:48:38.560122Z"}, {"uuid": "2f9d57ab-bb77-4794-945a-2890ffd791b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5jrwqtt2l", "content": "CVE-2026-63030: Is the WordPress RCE Vulnerability a Looming Crisis? #WordPress #CyberSecurity #RCEVulnerability", "creation_timestamp": "2026-07-18T01:48:43.823400Z"}, {"uuid": "76823fc1-0bee-4e8e-93f8-efd7dc80c361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5jogmvf2f", "content": "CVE-2026-63030: WordPress Core Vulnerability Reveals Process Failures #WordPressSecurity #CVE2026 #CyberSecurity", "creation_timestamp": "2026-07-18T01:48:40.229135Z"}, {"uuid": "572b1482-e0d2-4942-a6c1-77bbf0935861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqv5jqajdl2u", "content": "CVE-2026-63030: WordPress Vulnerability Highlights Patch-Only Mentality #CVE2026 #WordPressSecurity #CyberSecurity", "creation_timestamp": "2026-07-18T01:48:42.146456Z"}, {"uuid": "dc8e7020-aa2f-49f9-90e1-f61686d10f40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/pingoru.bsky.social/post/3mqv5sy6vwi2n", "content": "\ud83d\udd34 Liquid Web is reporting a Major Outage since 01:48 UTC\n\n\"WP2Shell Wordpress Core Critical Remote Code Execution Vulnerabilities, CVE-2026-60137 and CVE-2026-63030\"\n\nLive timeline \u2192 https://pingoru.io/providers/liquid-web/incidents/6534739\n\n#LiquidWeb #LiquidWebDown", "creation_timestamp": "2026-07-18T01:53:52.198937Z"}, {"uuid": "5b068d9e-d502-4b09-8439-f9d698a2a738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/securityonline.bsky.social/post/3mqv5wtavp52e", "content": "WordPress pre-auth RCE CVE-2026-63030 chains a REST batch bug with SQL injection. Details and a public PoC are out. Update to WordPress 7.0.2 now.\n\n#WordPress #PreAuthRCE #CVE202663030 #SQLInjection #wp2shell #WebSecurity #InfoSec", "creation_timestamp": "2026-07-18T01:56:02.108843Z"}, {"uuid": "84ae4c69-b7b1-4fc9-bc56-021e73f5622a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63030", "type": "seen", "source": "https://bsky.app/profile/vritrasecnews.bsky.social/post/3mqv3h7ulb424", "content": "Overview On July 17, 2026, a GitHub Security Advisory was published for CVE-2026-63030 , a critical unauthenticated remote code execution vulnerability affecting...\n\n\ud83d\udd17 https://www.rapid7.com/blog/post/etr-cve-2026-63030-wp2shell-a-critical-remote-code-execution-vulnerability-in-wordpress-core", "creation_timestamp": "2026-07-18T01:11:30.260993Z"}, {"uuid": "7d3c0447-9508-4e59-a928-34cc135994aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-63030.yaml", "content": "", "creation_timestamp": "2026-07-18T03:00:03.306069Z"}, {"uuid": "a3a12df0-5f3b-478d-a8b7-ffe5836e4321", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/termsofsurrender.bsky.social/post/3mqvbm4vgrd2b", "content": "WordPress Trips Over a Public RCE While Bureaucracy Hides Under Its Desk\nPANIC 88% | Lag 0.0h | WordPress CVE-2026-63030 is a pre-authentication remote code execution chain involving a REST batch \n#AfterShockIndex\nREAD MORE", "creation_timestamp": "2026-07-18T03:01:37.166163Z"}, {"uuid": "460e0734-f14d-4b7c-8d41-99db2df1b045", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/usounds.work/post/3mqvieupl2s4g", "content": "\u91d1\u66dc\u65e5\u306b\u3053\u3046\u3044\u3046\u60c5\u5831\u3092\u51fa\u3059\u306e\u306f\u3084\u3081\u3088\u3046\u306d\u3002\uff08\u3044\u3064\u3082\u52a9\u304b\u3063\u3066\u307e\u3059\u3042\u308a\u304c\u3068\u3046\u3054\u3056\u3044\u307e\u3059\uff09\nhttps://www.cve.org/CVERecord?id=CVE-2026-63030\n\nWordPress &lt; 7.0.2 - REST API batch-route confusion and SQL injection issue leading to Remote Code Execution\nCVE\uff1a9.1", "creation_timestamp": "2026-07-18T05:02:50.136596Z"}, {"uuid": "a14b30b3-1806-45a5-a798-192ce1ee9050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mqvj4l5xuu2v", "content": "CVE-2026-63030 - wordpress\nCertain versions of WordPress are vulnerable to a remote code execution attack through its REST API. This can happen if an attacker exploits a SQL injection flaw in the way WordPress\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#wordpress #CVE #infosec", "creation_timestamp": "2026-07-18T05:16:05.476419Z"}, {"uuid": "6b3c920e-6454-4027-84ed-5b7fe0c5db20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93933", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-lab\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 47Cid\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 03:53:33\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nEducational PoC + lab for CVE-2026-63030 + CVE-2026-60137: pre-auth SQLi in WordPress core via REST batch-route confusion\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T06:00:05.026547Z"}, {"uuid": "dde68938-56a2-4dd7-a1cb-31fa10de0fac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/lalgorisme.bsky.social/post/3mqvlxtsavk2d", "content": "\ud83d\udea8 wp2shell: RCE cr\u00edtic al nucli de WordPress, no en cap plugin. Una petici\u00f3 an\u00f2nima pot desembocar en execuci\u00f3 de codi al servidor. \nAfecta: 6.9.0\u20136.9.4 i 7.0.0\u20137.0.1. \nEs soluciona amb les versions: 7.0.2/6.9.5/6.8.6. \nCVE-2026-63030 i CVE-2026-60137.\nclaude.ai/public/artif...", "creation_timestamp": "2026-07-18T06:07:26.237103Z"}, {"uuid": "7c0a8b81-23bf-4910-ae44-1c45513f0dfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://infosec.exchange/ap/users/116810780845358081/statuses/116939389643192070", "content": "\ud83d\udea8 CRITICAL: WordPress Core \"wp2shell\" RCE\nA single anonymous HTTP request can lead to Remote Code Execution on vulnerable WordPress Core installations.\n\u26a0\ufe0f No plugins.\u26a0\ufe0f No themes.\u26a0\ufe0f No authentication required.\nTracked as:\ud83d\udd34 CVE-2026-63030 (REST API Batch Route Confusion \u2192 RCE)\ud83d\udd34 CVE-2026-60137 (Facilitated SQL Injection)\nAffected versions\u2022 WordPress 6.9.0\u20136.9.4\u2022 WordPress 7.0.0\u20137.0.1\n\u2705 Update immediately to WordPress 6.9.5 or 7.0.2. Due to the severity, WordPress has enabled forced automatic security updates for affected installations.\n\ud83d\udd17 Full technical analysis:https://thecybersecguru.com/news/wordpress-core-rce-wp2shell/\n#WordPress #WordPressSecurity #wp2shell #CVE202663030 #CVE202660137 #RCE #RemoteCodeExecution #SQLInjection #RESTAPI #CyberSecurity #InfoSec #WebSecurity #WebsiteSecurity #PatchNow #ThreatIntelligence #BlueTeam #SOC #Linux #PHP #ZeroDay #SecurityResearch #SysAdmin #DevSecOps", "creation_timestamp": "2026-07-18T06:11:07.746384Z"}, {"uuid": "069a2b4c-1d20-48da-bffe-a947780bd1db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/365tipu.cz/post/3mqvmoh65uq2w", "content": "Pokud jste je\u0161t\u011b nektualizovali WordPress tak zbyst\u0159ee, jsou tam dv\u011b z\u00e1va\u017en\u00e9 chyby p\u0159\u00edmo v j\u00e1d\u0159e. CVE-2026-60137: SQL injection a CVE-2026-63030: Unauthenticated remote code execution.", "creation_timestamp": "2026-07-18T06:19:46.762334Z"}, {"uuid": "abfb5faf-ee7c-484a-b1b0-1e48e2a9612e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/javiercasares.com/post/3mqvn6wa3bs23", "content": "#WordPress #Seguridad\nSi usas WordPress 6.9, 6.9 o 7.0, actualiza a las \u00faltimas versiones disponibles. Hay unos parches de seguridad que corrigen 2 elementos cr\u00edticos (RCE / SQLi).\n- CVE-2026-60137: corrigen: 6.8.6 - 6.9.5 - 7.0.2\n- CVE-2026-63030: corrigen: 6.9.5 - 7.0.2", "creation_timestamp": "2026-07-18T06:28:59.399175Z"}, {"uuid": "a1cffc50-27e4-45e7-9065-f030ffd1dbfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3mqvooirnl62e", "content": "\u26a0\ufe0f PATCH NOW\n\nWordPress Core 6.9 and 7.0 have an unauthenticated code-execution bug (wp2shell, CVE-2026-63030): one anonymous request can take over a default site.\n\nNo exploitation seen yet, but a scanner is public.\n\nUpdate to 6.9.5 or 7.0.2 now.", "creation_timestamp": "2026-07-18T06:55:35.885956Z"}, {"uuid": "0aedebe7-8c6b-49c7-8036-49b7a348dc58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93946", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Lutfifakee-Project\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 05:57:09\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwp2shell - WordPress CVE-2026-63030 Exploit &amp; Scanner\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T07:00:04.344881Z"}, {"uuid": "7288ad59-25b3-48bf-91b3-c9d076e36fa7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/netalexx.bsky.social/post/3mqvrpqirgc2x", "content": "WordPress Core 6.9 and 7.0 carry wp2shell (CVE-2026-63030), an unauthenticated remote code execution flaw. Update to 6.9.5 or 7.0.2", "creation_timestamp": "2026-07-18T07:49:59.828014Z"}, {"uuid": "0928ca89-f550-4da7-a087-e179246e1181", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/securestep9.bsky.social/post/3mqvs5q5aac2z", "content": "#Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites. \nPatch now!:\n\ud83d\udc47\nthehackernews.com/2026/07/new-...", "creation_timestamp": "2026-07-18T07:57:46.279462Z"}, {"uuid": "46911a31-4bc0-4cd4-9a73-ae1db6d3debb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/thehackernews/9544", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n\n&gt; CVE-2026-63030 breaks REST batch routing\n&gt; CVE-2026-60137 injects SQL\n\nChained, they give an anonymous attacker code execution on affected WordPress sites.\n\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:00:03.980720Z"}, {"uuid": "12f8d83a-ec83-45cd-b349-ae9222d1690a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/donwebmedia.bsky.social/post/3mqvtd3j3g32u", "content": "wp2shell: la RCE de WordPress que afecta tu hosting\n\nTu hosting WordPress es vulnerable a wp2shell sin plugins extra. La RCE CVE-2026-63030 afecta el core: versiones afectadas, c\u00f3mo parchear y detectar com...\n\n#wp2shell #cve202663030 #rcewordpress #vulnerabilidadcore #wordpresssecurity", "creation_timestamp": "2026-07-18T08:18:41.390778Z"}, {"uuid": "9fd30f49-dd61-4c6f-b0b5-c2e7fce3fabb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqvtts4tm22m", "content": "\ud83e\udd16 CVE-2026-63030 / CVE-2026-60137: SQL injection in WP REST API batch endpoint allows unauthenticated RCE on all 6.9/7.0 sites. PoC published.\nhttps://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:28:01.582781Z"}, {"uuid": "0d7d610e-71c0-4513-8213-43caf15a7018", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://infosec.exchange/users/tomcat/statuses/116940092329234240", "content": "\u26a1 UPDATE: #wp2shell now has two CVEs, and a working proof-of-concept is public.\n&gt; CVE-2026-63030 breaks REST batch routing&gt; CVE-2026-60137 injects SQL\nChained, they give an anonymous attacker code execution on affected WordPress sites.\nHow the exploit path works: https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html", "creation_timestamp": "2026-07-18T08:43:23.321492Z"}, {"uuid": "802fbb6c-53c4-4274-9c42-8f53fd5b99c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93958", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a WP2Shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a NULL200OK\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 07:52:36\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nWP2Shell - CVE-2026-63030 / CVE-2026-60137 This tool exploits a critical SQL injection vulnerability in the WordPress REST API `/wp-json/batch/v1` endpoint, allowing unauthenticated attackers to execute arbitrary SQL queries and achieve Remote Code Execution (RCE) on vulnerable WordPress installations.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T09:00:04.319085Z"}, {"uuid": "d043df71-2efb-4251-a7d9-6bdda5dac2af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93950", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a ekomsSavior\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 06:55:20\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (RCE) + CVE-2026-60137 (SQLi)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T09:00:04.410802Z"}, {"uuid": "6bf24beb-0cc2-48f9-afbb-5c744005686d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63030", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/116940574604966863", "content": "wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis https://github.com/tcyph3r/wp2shell-cve-2026-63030-root-cause", "creation_timestamp": "2026-07-18T10:46:01.187975Z"}, {"uuid": "f860e6f1-7dbb-4dd2-aac3-d14ec779822f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63030", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mqw3knqcm7b2", "content": "wp2shell (CVE-2026-63030 + CVE-2026-60137): Independent Root Cause Analysis https://github.com/tcyph3r/wp2shell-cve-2026-63030-root-cause", "creation_timestamp": "2026-07-18T10:46:10.132676Z"}, {"uuid": "d662e833-9317-4438-a48b-97eed57fb311", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93979", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a kulichr\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 10:08:13\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive checker for CVE-2026-63030 / CVE-2026-60137 (\"wp2shell\"), a pre-authentication RCE chain in WordPress core.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T12:00:03.675999Z"}, {"uuid": "831dd293-f85a-4a67-80e7-0aedd98811c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqwecofxtf2p", "content": "Regarding CVE-2026-63030, this is what I see in the Apache logs on attempts:\n\nPHP Warning: Undefined array key 2 in .../class-wp-rest-server.php on line 1836\nPHP Warning: Trying to access array offset on null in .../\u2026\n\n\u2014 from @SquiblydooBlog (https://x.com/SquiblydooBlog/status/2078464712250150999)", "creation_timestamp": "2026-07-18T13:22:40.923163Z"}, {"uuid": "f58c4cdc-0d19-44e6-ac22-2f4f0c6a2086", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/ifin-intel.org/post/3mqwefdcifk2d", "content": "This now has a CVE: CVE-2026-63030", "creation_timestamp": "2026-07-18T13:24:10.015432Z"}, {"uuid": "33483a41-c988-485d-8f87-3f88b5bc37b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/hatena-bookmark.bsky.social/post/3mqweh3yqa42q", "content": "#\ud83d\udd16\u30c6\u30af\u30ce\u30ed\u30b8\u30fc\nWordPress\u306e\u6df1\u523b\u5ea6\u300c\u7dca\u6025\u300d\u8106\u5f31\u6027 wp2shell \u306e\u6982\u8981\u3068\u5bfe\u5fdc\u6307\u91dd - GMO Flatt Security Blog\n\n2026\u5e747\u670817\u65e5\u3001\u8a8d\u8a3c\u4e0d\u8981\u3067\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u306e\u4efb\u610f\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306b\u3064\u306a\u304c\u308b\u8106\u5f31\u6027\u300cCVE-2026-63030\u300d\u300cCVE-2026-60137\u300d\u3092\u4fee\u6b63\u3057\u305fWordPress 6.8.6\u30016.9.5\u3001\u304a\u3088\u3073 7.0.2 \u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\uff08\u53c2\u8003\uff1aWordPress 7.0.2 Release\uff09\u3002 \u5f0a\u793e GMO Flatt Security \u30ea\u30b5\u30fc\u30c1\u30c1\u30fc\u30e0\u306e\u691c\u8a3c\u3067\u306f\u3001\u8106\u5f31\u306a\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u306f\u6a19\u6e96\u69cb\u6210\u3067\u3082\u3001\u7ba1...", "creation_timestamp": "2026-07-18T13:25:10.185853Z"}, {"uuid": "f2cc8a24-8d4b-4b2a-a65c-04eee0c2a54b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/ifin-intel.org/post/3mqweklzf2c2d", "content": "This now has two related CVEs: CVE-2026-63030 and CVE-2026-60137.", "creation_timestamp": "2026-07-18T13:27:07.306081Z"}, {"uuid": "823e21b5-049f-44f5-b3aa-5bc81141fbd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3mqwffjjxf22o", "content": "#WordPress admins - we got you covered! \ud83e\udee1 \u2192 We've just shipped detection for #wp2shell through our Network Scanner. \u26a1\ufe0f The fastest way to use it is to:\n\n\u25c9 run a single-CVE scan for CVE-2026-63030 (also covers CVE-2026-60137 - the SQLi flaw that chains &amp; leads to RCE)\n\u25c9 Based on your scan results...", "creation_timestamp": "2026-07-18T13:42:16.081859Z"}, {"uuid": "fc11efaa-e86e-4b25-b6e6-0539e4ad0ad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/pentest-tools.com/post/3mqwffnk6vk2o", "content": "#WordPress admins - we got you covered! \ud83e\udee1 \u2192 We've just shipped detection for #wp2shell through our Network Scanner. \u26a1\ufe0f The fastest way to use it is to:\n\n\u25c9 run a single-CVE scan for CVE-2026-63030 (also covers CVE-2026-60137 - the SQLi flaw that chains &amp; leads to RCE)\n\u25c9 Based on your scan results...", "creation_timestamp": "2026-07-18T13:42:16.568153Z"}, {"uuid": "a55f0a0b-51f3-4464-aa9f-ccaf2c98c196", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/kotosecurity.bsky.social/post/3mqwgkaiooz2c", "content": "\ud83d\udea8 VULN: WordPress core 'wp2shell' \u2014 CVE-2026-63030 (REST API batch-route confusion) chained with CVE-2026-60137 (SQLi) gives unauthenticated RCE on a bare install. Fixed in 6.9.5/7.0.2 (forced auto-update); 6.8.x SQLi fixed in 6.8.6. Public PoC live. Src: The Hacker News", "creation_timestamp": "2026-07-18T14:02:42.183813Z"}, {"uuid": "ca5d6f5c-cbd2-4e92-a4aa-4c428b716f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/93991", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 4minx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 12:54:46\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 (wp2shell) POC.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T15:00:06.570350Z"}, {"uuid": "dfde1fb7-a040-4f8f-ba90-2ee4972a3653", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mqwjtpftve2j", "content": "\ud83d\udd34 CVE-2026-63030 - Critical (9.8)\n\nWordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint rout...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-63030/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-07-18T15:01:41.805956Z"}, {"uuid": "5b1a00da-0656-44c8-a216-0015b1f1e9d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mqwkcegsyy2c", "content": "It's Friday, so of course we can't have nice things! \n\nInitial technical analysis of #wp2shell CVE-2026-63030 and CVE-2026-60137 from the \n@VulnCheckAI\n research team \u2014 so far, it could be worse (but it's still\u2026\n\n\ud83d\udd01 RT @catc0n | reposted by @HackingLZ\nhttps://x.com/catc0n/status/2078306495817453717", "creation_timestamp": "2026-07-18T15:09:53.864288Z"}, {"uuid": "0846aabc-735e-455f-8612-0db38a8de292", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116941742399190960", "content": "\ud83d\udcf0 Critical Unauthenticated RCE Flaw Found in WordPress Core\nCritical unauthenticated RCE vulnerability (CVE-2026-63030) found in WordPress Core. Affects versions 6.9.x and 7.0.x. Allows full site takeover via REST API. Update to 6.9.5 or 7.0.2 now! #WordPress #CVE #RCE #PatchNow\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/critical-unauthenticated-rce-flaw-in-wordpress-core-disclosed/?utm_source=mastodon&amp;utm_medium=social&amp;utm_campaign=daily", "creation_timestamp": "2026-07-18T15:43:01.060337Z"}, {"uuid": "c025eeee-3481-4e6d-9dea-aaa6282b4fae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mqwm6b6tuq2j", "content": "Critical unauthenticated RCE vulnerability (CVE-2026-63030) found in WordPress Core. Affects versions 6.9.x and 7.0.x. Allows full site takeover via REST API. Update to 6.9.5 or 7.0.2 now! #WordPress #CVE #RCE #PatchNow\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-07-18T15:43:23.237196Z"}, {"uuid": "e6c1600b-0d29-4775-8552-a1d66bed9f8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/secdb.bsky.social/post/3mqwmgleo3s2y", "content": "\ud83d\udea8 wp2shell affects multiple vulnerabilities (CVE-2026-63030, CVE-2026-60137)\n\nRunning WordPress? Check your versions and patch to 6.8.6/6.9.5/7.0.2. If you can't patch immediately, apply the mitigations in the meantime.\n\n\u2139\ufe0f secdb.nttzen.cloud/updates/a5a5...\n\n#infosec #wordpress #rce #sqlinjection", "creation_timestamp": "2026-07-18T15:48:05.324153Z"}, {"uuid": "8d3542ed-618b-4279-b6bf-941383e58b61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://www.acn.gov.it/portale/w/wordpress-poc-pubblico-per-lo-sfruttamento-delle-cve-2026-60137-e-cve-2026-63030", "content": "Disponibile Proof of Concept (PoC) per le vulnerabilit\u00e0 identificate dalle CVE-2026-60137 e CVE-2026-63030, gi\u00e0 sanate dal vendor, che interessa il prodotto WordPress Core.", "creation_timestamp": "2026-07-18T16:00:49.500368Z"}, {"uuid": "4671b918-0c77-4fa0-861e-c16e14b0af3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63030", "type": "seen", "source": "https://bsky.app/profile/davidgerard.circumstances.run.ap.brid.gy/post/3mqwo4mfczkf2", "content": "Update your WordPress to 7.0.2/6.9.5, it's important\n\nhttps://discourse.ifin.network/t/cve-2026-63030-and-cve-2026-60137-wp2shell-pre-auth-rce-in-wordpress-eitw/672/2", "creation_timestamp": "2026-07-18T16:18:20.746954Z"}, {"uuid": "3af79d0f-ac86-46a7-96fc-fd8fac849fdc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/hack4career.com/post/3mqwp4qmc4o2o", "content": "WordPress wp2shell (CVE-2026-63030): CISO FAQ &amp; Fix", "creation_timestamp": "2026-07-18T16:36:13.110658Z"}, {"uuid": "c7678e67-2a80-4003-8a7a-4b0476338eab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-63030", "type": "seen", "source": "https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mqwqhbdrti2u", "content": "WordPress powers 43% of the web. A chain of two bugs could take down a chunk of it.\n\nCVE-2026-63030.\n\nhttps://www.yazoul.net/advisory/cve/cve-2026-63030-wordpress-rest-api-unauth-rce-poc/\n\n#InfoSec #ThreatIntel", "creation_timestamp": "2026-07-18T17:00:00.344739Z"}, {"uuid": "220ac080-192e-446e-9896-c4e034ef35ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94005", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xsha\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 14:29:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-63030 + CVE-2026-60137 - \u201cwp2shell\u201d: unauthenticated RCE in WordPress core\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T17:00:05.084152Z"}, {"uuid": "15ea1e03-2480-4f6d-a4aa-ac4428b6b7b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94004", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-63030\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mverschu\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 14:39:10\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC Exploit of WordPress Core Unauthenticated RCE\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T17:00:05.151129Z"}, {"uuid": "eb1cdf41-c4cf-4df0-9b04-19bfe964e023", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116942243747321126", "content": "It is possible to see elevated activities targeting WordPress (CVE-2026-63030) https://vuldb.com/vuln/379927/cti", "creation_timestamp": "2026-07-18T17:50:30.349562Z"}, {"uuid": "c79f977f-c5eb-496e-86c8-57b572dbd312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94017", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a h4cd0c\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 16:41:06\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwp2shell \u2014 Pre-authentication RCE in WordPress Core (CVE-2026-60137 + CVE-2026-63030). Chains an SQL injection in author__not_in with batch-route confusion for unauthenticated remote code execution on WP 6.9.0\u20136.9.4 / 7.0.0\u20137.0.1.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T18:00:04.586072Z"}, {"uuid": "7bc98b1a-b5c8-4f90-b934-66937aa331a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mqwttcd5pq2a", "content": "Public exploits for WordPress Core wp2shell flaws now enable pre-auth RCE on 6.9.x and 7.0.x. Tracked as CVE-2026-63030 and CVE-2026-60137. WordPress has pushed security updates. #WordPress #RCE #CVE2026", "creation_timestamp": "2026-07-18T18:00:25.414356Z"}, {"uuid": "8ffd3839-cd45-42e5-8963-7bbbe46d03e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116942282990851209", "content": "WordPress Core \"wp2shell\" CRITICAL RCE chain (CVE-2026-63030 &amp; CVE-2026-60137) actively exploited. Affects 6.9.0 \u2013 6.9.4 &amp; 7.0.0 \u2013 7.0.1. Public PoCs out. Patch to 6.9.5/7.0.2 ASAP. Block REST API endpoints as temp mitigation. https://radar.offseq.com/threat/wordpress-core-wp2shell-rce-flaws-get-public-exploits-patch-now-99579d9a7c571599 #OffSeq #WordPress #RCE #Vuln", "creation_timestamp": "2026-07-18T18:00:29.385363Z"}, {"uuid": "78d00a56-6869-4fde-8fb1-31e33ad1a3f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mqwverqh222u", "content": "\u26a0\ufe0f wp2shell (CVE-2026-63030, CVSS 9.8): pre-auth RCE in WordPress core via the REST batch API (batch/v1), on by default &amp; reachable unauthenticated. Works on a stock install, no plugins. Affects 6.9.0\u20136.9.4 &amp; 7.0.0\u20137.0.1. Update to 6.9.5/7.0.2 now. Query: technology=\"WordPress\"", "creation_timestamp": "2026-07-18T18:28:10.732390Z"}, {"uuid": "ec5c51f9-c246-4654-afde-0bcbfd14ca2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/newssecia.bsky.social/post/3mqwvxjrszp24", "content": "\ud83e\udd16 WordPress Core \"wp2shell\" RCE (CVE-2026-63030, CVE-2026-60137): public exploits released for critical unauthenticated RCE. Patch immediately.\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-core-wp2shell-rce-flaws-get-public-exploits-patch-now/", "creation_timestamp": "2026-07-18T18:38:34.386900Z"}, {"uuid": "0e4860d5-544c-4589-8741-c6d88831a109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/P0x3k_1N73LL1G3NC3/393", "content": "WordPress Core \"wp2shell\" RCE\n\nThe attack consists of two flaws, tracked as CVE-2026-63030 and CVE-2026-60137, that can be chained together to achieve pre-authentication remote code execution against WordPress installs running versions 6.9.x and 7.0.x.", "creation_timestamp": "2026-07-18T19:00:04.511150Z"}, {"uuid": "83499df4-e11b-4d80-9306-5286293695f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityIL/86094", "content": "\ud83c\udf10\u05e9\u05d9\u05de\u05d5 \u05dc\u05d1 \u05dc\u05e9\u05ea\u05d9 \u05e4\u05d2\u05d9\u05e2\u05d5\u05d9\u05d5\u05ea \u05d1\u05e4\u05dc\u05d8\u05e4\u05d5\u05e8\u05de\u05ea Wordpress \u05d4\u05de\u05d0\u05e4\u05e9\u05e8\u05d5\u05ea (\u05d9\u05d7\u05d3) \u05d4\u05e8\u05e6\u05ea \u05e7\u05d5\u05d3 \u05de\u05e8\u05d7\u05d5\u05e7.\n\n\u05d4\u05d7\u05d5\u05dc\u05e9\u05d5\u05ea CVE-2026-60137 \u05d5-CVE-2026-63030 \u05db\u05d5\u05dc\u05dc\u05d5\u05ea \u05db\u05d1\u05e8 POC \u05e2\u05d5\u05d1\u05d3 \u05e9\u05e4\u05d5\u05e8\u05e1\u05dd \u05d1\u05e8\u05e9\u05ea, \u05e7\u05d9\u05d1\u05dc\u05d5 \u05d0\u05ea \u05d4\u05db\u05d9\u05e0\u05d5\u05d9 wp2shell, \u05d5\u05d4\u05df \u05e4\u05d5\u05e6'\u05e4\u05e6'\u05d5 \u05d1\u05d2\u05e8\u05e1\u05d0\u05d5\u05ea 6.9.5 \u05d5-7.0.2.\n\nhttps://t.me/CyberSecurityIL/9229", "creation_timestamp": "2026-07-18T19:00:04.654205Z"}, {"uuid": "fc518283-ed73-45f2-95e0-6be046821657", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwysx5qlv2p", "content": "CVE-2026-63030: WordPress Vulnerabilities Are a Silent Crisis\u2014Patch Now #WordPress #CyberSecurity #Vulnerability", "creation_timestamp": "2026-07-18T19:29:42.328045Z"}, {"uuid": "099d5a95-9339-4478-9659-00a642890ece", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwyt24fzp2y", "content": "CVE-2026-63030: Unauthenticated RCE Vulnerabilities in WordPress Demand Immediate Action #CVE2026 #WordPressSecurity #CyberSecurity", "creation_timestamp": "2026-07-18T19:29:45.158528Z"}, {"uuid": "081f10be-e89e-49b2-b8d9-5b0a1d4feabb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwyt56hln2p", "content": "CVE-2026-63030: WordPress Core's \u2018wp2shell\u2019 RCE Flaws Demand Urgent Scrutiny #WordPress #Cybersecurity #Vulnerabilities", "creation_timestamp": "2026-07-18T19:29:48.664036Z"}, {"uuid": "f6216559-3673-4d8d-93e2-eb331129b461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwytaiwxw2l", "content": "CVE-2026-63030: WordPress Core Flaws Expose Over 500 Million Sites\u2014Update Required #WordPress #CyberSecurity #CVE2026", "creation_timestamp": "2026-07-18T19:29:52.101428Z"}, {"uuid": "cdd3ab0c-51b8-4984-b6a6-d2bfbe020b1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwytdoirq2g", "content": "CVE-2026-63030: WordPress wp2shell RCE Exploits Highlight Patch Urgency #WordPress #CVE2026 #CyberSecurity", "creation_timestamp": "2026-07-18T19:29:55.238279Z"}, {"uuid": "727c5ae7-f5c7-428f-8327-b49ecf76cfd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqwythttjh2u", "content": "CVE-2026-63030: WordPress wp2shell Exploits\u2014Panic or Proactive Response? #CVE2026 #WordPress #CyberSecurity", "creation_timestamp": "2026-07-18T19:29:59.536536Z"}, {"uuid": "01989d2c-051d-4a7b-b244-c0b335eef230", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94030", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-63030-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrx-arafat\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:21:31\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\n\u65e0\u63cf\u8ff0\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:03.909368Z"}, {"uuid": "0aa98fe4-ea9b-4aaf-8aa2-7775d14bb25f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94025", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xWhoknows\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:33:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAutomated exploit chain for CVE-2026-63030 / CVE-2026-60137 \u2014 unauthenticated blind SQLi via WordPress REST batch route-confusion. Dumps user hashes, cracks credentials, deploys webshell. Supports single target and bulk site lists. For authorized security testing only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:03.996620Z"}, {"uuid": "9bb515b7-e858-4660-98db-f0565ecd4121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "seen", "source": "https://t.me/GithubRedTeam/94024", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #RCE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell_scanner\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a zi3lak\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 17:56:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nNon-intrusive detection scanner for the WordPress wp2shell pre-auth RCE chain (CVE-2026-63030 + CVE-2026-60137). Detection-only, no exploitation.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:04.072045Z"}, {"uuid": "6bd1e42d-9c79-4c9e-a3da-2c64de23bfca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-63030", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/94031", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #POC #CVE\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a wp2shell-poc\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a yoerivegt\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-07-18 19:02:38\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwp2shell (CVE-2026-60137 / CVE-2026-63030)\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-07-18T20:00:04.181776Z"}]}