Wp2shell: Pre Authentication RCE in WordPress Core

tjwds1 pts0 comments

-->

wp2shell: Pre Authentication RCE in WordPress Core › Searchlight Cyber

Skip to content

July 17, 2026

Security advisory

Adam Kues

wp2shell: Pre Authentication RCE in WordPress Core

Stay current: Get research alerts for newly disclosed vulnerabilities and exposures

Searchlight Cyber’s security research team has discovered a pre-authentication RCE in WordPress Core. The attack has no preconditions and can be exploited by an anonymous user in a stock install of WordPress with no plugins.

It is estimated that over 500 million websites use WordPress.

Given the severity of the bug and to give defenders time to patch, we are not releasing technical details at this time. We are, however, releasing a website to determine if your instance is vulnerable. You can find it here: https://wp2shell.com/

Check if your site is impacted

wp2shell[.]com is a public tool developed by Searchlight Cyber

Affected WordPress versions

: not affected.

6.9.0 - 6.9.4: affected.

7.0.0 - 7.0.1: affected.

Mitigation

The best way to protect yourself is to update WordPress to version 7.0.2, or 6.9.5 if you are on the 6.9 branch. as soon as possible. If this isn’t possible, you can temporarily protect your instance by blocking anonymous access to the batch API, either by:

Installing a plugin that blocks anonymous access to the rest API entirely; or

Blocking /wp-json/batch/v1 and ?rest_route=/batch/v1 at a WAF level.

Note that both these solutions may have an impact on legitimate use of the site and should only be considered emergency temporary measures until you can update.

About Searchlight Cyber

Customers of Searchlight Cyber’s ASM solution, Assetnote, are always first to receive checks for the novel vulnerabilities we discover – often weeks or months before public disclosure. Our Security Research Team continues to dig beyond public PoCs to deliver high-signal detections to our platform. Learn more.

Share this post

in this article

Related Research

Research

Smashing the ServiceNow Sandbox – Pre Authentication RCE

Find out more

Research

CargoWise WebTracker – The Keys Were in the Cargo

Find out more

Research

Two Bypasses for Chrome’s Sanitizer API

Find out more

Research

Keys to the Kingdom: Anonymous SQL Injection in Drupal Core (CVE-2026-9082)

Find out more

Book your demo: Identify cyber
threats earlier– before they
impact your business

Searchlight Cyber is used by security professionals and leading investigators to surface criminal activity and protect businesses. Book your demo to find out how Searchlight can:

Enhance your security with advanced automated dark web monitoring and investigation tools

Continuously monitor for threats , including ransomware groups targeting your organization

Prevent costly cyber incidents and meet cybersecurity compliance requirements and regulations

Fill in the form to get you demo

UK Office

Pure Offices, One Port Way, Port Solent,

Portsmouth PO6 4TY, United Kingdom

Registered in England & Wales

Company Registration Number - 10765196

+44 (0)345 862 2925

USA Office

44 Merrimac Street Newburyport, MA 01950

+1 (202) 6847516

beacon Cybersecurity newsletter

Get Cybersecurity News, Insights, & Intelligence straight to your inbox

Sign Up

Connect with us

Copyright © 2026 Searchlight Cyber

cyber wordpress searchlight research find wp2shell

Related Articles