Critical "wp2shell" WordPress Core RCE Vulnerability Puts 500M+ Sites at Risk
RedSide Security July 18, 2026 Vulnerability 2 views
A critical WordPress Core vulnerability dubbed wp2shell allows unauthenticated attackers to achieve remote code execution on affected websites without requiring plugins or user credentials. WordPress has released emergency patches and is force-pushing updates to vulnerable installations worldwide.