Security News New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code TheHackerNews Daniel Bender 17 Jul 2026 Share WordPress 6.9.5 and 7.0.2 patch wp2shell, a pre-auth core RCE that lets anonymous attackers run code on default installs, even with no plugins.