CVE-2026-63030
EUVD-2026-4528017.07.2026, 20:17
WordPress 6.9.x before 6.9.5 and 7.0.x before 7.0.2 is affected by a REST API batch endpoint route confusion issue which, combined with the author__not_in WP_Query SQL Injection (CVE-2026-60137), could allow an attacker to perform SQL Injection and achieve Remote Code Execution.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| wordpress | wordpress | 6.9.0 ≤ 𝑥 < 6.9.5 | CNA |
| wordpress | wordpress | 7.0.0 ≤ 𝑥 < 7.0.2 | CNA |
Common Weakness Enumeration