WordPress RCE Vulnerability
[ 17 July 2026 at 5:50pmET/2150UTC ] We are writing to inform you of a major WordPress vulnerability impacting versions 6.8 and above. Update your WordPress site to apply the security patch.
What happened?
- Versions of WordPress 6.8 and above are impacted by a remote code execution vulnerability
- An attacker may be able to exploit a vulnerable site without being logged in
- WordPress has released patches for vulnerable versions
Current Status
- Patches are being rolled out across our infrastructure
- WAF providers and other security vendors (such as Cloudflare) have deployed security rules to block exploitation for their users
Next Steps
- ACTION REQUIRED: Update WordPress to patched versions if the patch has not yet been applied to your site
- For v7.0x, update to v7.0.2 (https://wordpress.org/news/2026/07/wordpress-7-0-2-release/)
- For v6.9x, update to v6.9.5 (https://wordpress.org/documentation/wordpress-version/version-6-9-5/)
- For v6.8x, update to 6.8.6 (https://wordpress.org/documentation/wordpress-version/version-6-8-6/)
Contact our Support Team
If you have any further questions or need assistance, please contact our support team.