Public exploits released for critical WordPress RCE vulnerabilities
Public exploits for the 'wp2shell' attack chain targeting WordPress Core have been released, enabling pre-authentication remote code execution on versions 6.9.x and 7.0.x. WordPress has activated forced automatic security updates, urging site owners to update to 7.0.2 or 6.9.5 immediately.