securityonline.info 7/18/2026, 2:41:22 AM · external

WordPress SQLi bug allows remote code execution, update now

WordPress SQLi bug allows remote code execution, update now
Developing story vulnerability 3 articles tracked
WordPress SQLi bug allows remote code execution, update now
CyberSIXT Evidence Panel
Primary Source wordpress.org
CISA KEV Not in KEV
Patch Patch Status Unknown

THE page discusses critical vulnerabilities affecting WordPress, specifically CVE-2026-60137 and CVE-2026-63030, both of which involve SQL injection and a pre-authentication remote code execution risk. The vulnerabilities have a high severity rating, with CVE-2026-60137 rated 9.1 and CVE-2026-63030 rated 7.5 on the CVSS scale. No confirmed exploitation has occurred so far, but patches are available in WordPress versions 6.8.6, 6.9.5, and 7.0.2.

Administrators are urged to update immediately, as the vulnerabilities render stock installations vulnerable without any login requirements. The article outlines the exploitation method, emphasizes the significance of the threat due to WordPress's widespread use, and provides mitigation steps for those unable to patch immediately.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline