Unauthenticated RCE in WordPress core (wp2shell)
SQL injections are still among us. On July 17, WordPress released an emergency security update. Version 7.0.2 fixes an unauthenticated remote code execution flaw in WordPress core that an anonymous attacker can trigger against a stock install with no plugins involved. If your site runs an affected version, update today. WordPress.org has turned on forced auto-updates for affected sites because of how severe this is. We are tracking this vulnerability in Aikido Intel.