Skip to main content
    Critical WordPress Security Flaw Needs Immediate Fixing
    Cybersecurity
    Breaking
    2 min read

    Critical WordPress Security Flaw Needs Immediate Fixing

    If you run a WordPress website, hackers now have public tools to break into unpatched sites. Update your WordPress installation immediately.

    Source

    BleepingComputer

    Original headline: WordPress Core "wp2shell" RCE flaws get public exploits, patch now

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Saturday, July 18, 2026Updated Sunday, July 19, 20262 min read
    Share:

    A critical security vulnerability in WordPress has been discovered, and hackers now have access to public tools that can exploit it. The flaw, nicknamed wp2shell, allows attackers to take complete control of vulnerable WordPress websites. Public exploits mean that even less skilled hackers can now attack websites that have not been updated. This affects anyone who runs a website using WordPress. This includes small business owners, bloggers, family websites, school organizations, community groups, or anyone else who manages a WordPress site. If your site has not been updated recently, attackers could potentially break in, steal information, deface your site, or use it to spread malware to your visitors.

    Take these steps immediately if you run a WordPress website:

    1. Log into your WordPress dashboard right away. Go to Dashboard, then Updates, and install any available WordPress core updates.
    2. If you are not sure how to update WordPress, contact your web hosting company and ask them to update it for you immediately. Most hosting companies offer this support.
    3. After updating, change your WordPress admin password to something strong and unique.
    4. Enable two factor authentication on your WordPress account if available through your hosting provider or a security plugin. Going forward, set up automatic updates for WordPress if your hosting provider offers this option. Check for updates at least once per week if automatic updates are not available. Consider using a security plugin that alerts you to vulnerabilities. Keeping your website software updated is one of the most important things you can do to prevent hacks, just like keeping your phone and computer updated protects your personal devices.

    Protect Yourself

    Stay one step ahead with our free family cybersecurity tools. Check links, scan for breached accounts, and get personalized risk assessments.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: BleepingComputer

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.