A newly disclosed vulnerability chain dubbed wp2shell affects WordPress Core, not a third-party plugin. The disclosure has prompted emergency security updates and includes publicly available PoC, IoCs, and detection guidance for defenders
A newly disclosed vulnerability chain dubbed wp2shell affects WordPress Core, not a third-party plugin. The disclosure has prompted emergency security updates and includes publicly available PoC, IoCs, and detection guidance for defenders
For all its flaws and spaghetti code vulnerabilities in WP core have been really really rare. It’s usually some plugin that’s vulnerable. And automatic updates take care of timely patches.