Vulnerability Research CVE-2026-63030 & CVE-2026-60137: wp2shell Pre-Auth RCE in WordPress Core via REST Batch-Route Confusion and SQL Injection Jul 18, 2026 ·12 min read