Critical WordPress wp2shell Vulnerability Discovered
The security firm Searchlight Cyber just found a major flaw inside the core WordPress code. This remote code execution flaw does not require any login steps. Any rogue user can run harmful code on a default system setup. In the end, this bug gives hackers full control over the site and its database.
Details Remain Hidden for Safety
Experts quickly sent a full report to the WordPress team. Because the risk is so high, the team keeps the fine details hidden for now. Still, the firm built a free testing tool at wp2shell.com. Thus, site owners can quickly check if their pages are safe.
Using the Diagnostic Tool
Using this scanning tool is very simple. A user just types their web address to start the test. Next, the tool sends WP-JSON requests to look for bad server replies. If it finds a match, the system warns the owner right away. So, admins must block plain WP-JSON access or update their code.
Affected Software Versions
Certain software versions face clear danger from this bug. Namely, WordPress versions 6.9.0 through 6.9.4 are fully at risk. Likewise, versions 7.0.0 and 7.0.1 remain open to attacks. Conversely, versions 6.8.5 and below stay perfectly safe. Luckily, coders pushed quick fixes to versions 6.8.6 and 6.9.5. Also, the core team fixed the flaw completely in the 7.1 Beta 2 release.
Permanent and Temporary Fixes
Site admins can use both fast and long-term fixes. To solve the issue for good, you must update to version 7.0.2. This major patch fixes the REST API route mix-up and the SQL injection flaw. As noted in the formal guide on the wp2shell pre-authentication RCE in WordPress core, this threat needs fast action.
Applying the Temporary Mitigation
Alternately, a quick fix involves adding a plugin to block guest WP-JSON access. Yet, this block might break normal site actions. Finally, sites on Cloudflare gain instant safety, since the host added fresh WAF rules to block the attacks.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.