PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain

On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase its impact to unauthenticated remote code execution and is identified as CVE-2026-63030. To protect WordPress … Read more

WordPress 7.0.2 Release

WordPress 7.0.2 is now available. The 7.0.2 security release addresses one critical and one high severity security issue. Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions. To manually … Read more

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)

Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected. Our mission with … Read more