THE page discusses critical vulnerabilities affecting WordPress, specifically CVE-2026-60137 and CVE-2026-63030, both of which involve SQL injection and a pre-authentication remote code execution risk. The vulnerabilities have a high severity rating, with CVE-2026-60137 rated 9.1 and CVE-2026-63030 rated 7.5 on the CVSS scale. No confirmed exploitation has occurred so far, but patches are available in WordPress versions 6.8.6, 6.9.5, and 7.0.2.
Administrators are urged to update immediately, as the vulnerabilities render stock installations vulnerable without any login requirements. The article outlines the exploitation method, emphasizes the significance of the threat due to WordPress's widespread use, and provides mitigation steps for those unable to patch immediately.