Critical WordPress wp2shell Vulnerability Discovered

WordPress wp2shell vulnerability detection and remote code execution prevention

The security firm Searchlight Cyber just found a major flaw inside the core WordPress code. This remote code execution flaw does not require any login steps. Any rogue user can run harmful code on a default system setup. In the end, this bug gives hackers full control over the site and its database.

Details Remain Hidden for Safety

Experts quickly sent a full report to the WordPress team. Because the risk is so high, the team keeps the fine details hidden for now. Still, the firm built a free testing tool at wp2shell.com. Thus, site owners can quickly check if their pages are safe.

Using the Diagnostic Tool

Using this scanning tool is very simple. A user just types their web address to start the test. Next, the tool sends WP-JSON requests to look for bad server replies. If it finds a match, the system warns the owner right away. So, admins must block plain WP-JSON access or update their code.

Affected Software Versions

Certain software versions face clear danger from this bug. Namely, WordPress versions 6.9.0 through 6.9.4 are fully at risk. Likewise, versions 7.0.0 and 7.0.1 remain open to attacks. Conversely, versions 6.8.5 and below stay perfectly safe. Luckily, coders pushed quick fixes to versions 6.8.6 and 6.9.5. Also, the core team fixed the flaw completely in the 7.1 Beta 2 release.

Permanent and Temporary Fixes

Site admins can use both fast and long-term fixes. To solve the issue for good, you must update to version 7.0.2. This major patch fixes the REST API route mix-up and the SQL injection flaw. As noted in the formal guide on the wp2shell pre-authentication RCE in WordPress core, this threat needs fast action.

Applying the Temporary Mitigation

Alternately, a quick fix involves adding a plugin to block guest WP-JSON access. Yet, this block might break normal site actions. Finally, sites on Cloudflare gain instant safety, since the host added fresh WAF rules to block the attacks.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Leave a Reply