
SoftwareBreaking
A WordPress bug called wp2shell lets anyone take over a default install. Update now
No login, no plugin, no misconfiguration required — CVE-2026-63030 chains two flaws into remote code execution on a stock WordPress site. Patches are out; here's what to actually verify.
Priya Nair · 14h ago · 5 min
