
Ryan Dewhurst
3.7K posts

Ryan Dewhurst
@ethicalhack3r
• Vulnerability & Threat Intelligence at https://t.co/hpcaDY39hO • Founder of @_WPScan_ (acquired by Automattic) • Founder of DVWA • Ethical Hacking Graduate






🚨Searchlight Cyber's research team has found a pre-authentication RCE in WordPress Core. affected versions: 6.9.0–6.9.4, 7.0.0–7.0.1 No preconditions, exploitable by an anonymous user on a stock install with no plugins. CVE-2026-63030/CVE-2026-60137 wp2shell.com

WordPress 7.0.2 is now available. This security release addresses 1 critical and 1 high severity issue, including a REST API vulnerability that could lead to remote code execution. Update your sites now. wp.me/pZhYe-5vp

Reproducing wp2shell is trivial with AI. Buckle up!




Anyone want to help this guy escape from Belarus? 😬 Captured by KEVIntel sensors.



New in KEVIntel: Observed Attackers and Attacker IP Profiles. See which IPs are most active, which CVEs each IP is targeting, and the activity behind every profile. Export attacker IPs as CSV for blocklist and enrichment workflows. Product demo 👇






