ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)
Public exploits have been released for the critical wp2shell remote code execution vulnerabilities affecting WordPress Core. The attack chains CVE-2026-63030 (REST API batch-route confusion) and CVE-2026-60137 (SQL injection) for pre-authentication RCE on versions 6.9.x and 7.0.x. WordPress has enabled forced automatic updates and released versions 6.9.5 and 7.0.2. Cloudflare has deployed WAF protections for both flaws.
Tracked by ByteBrief