wp2shell-poc Independent proof-of-concept for the unauthenticated WordPress REST batch route-confusion SQL injection associated with Searchlight Cyber's wp2shell advisory. The unauthenticated primitive reaches the injection through a single endpoint: POST /wp-json/batch/v1. This repository is not Searchlight Cyber's official checker and does not claim to reproduce undisclosed wp2shell internals. c
WordPress
PoC Research
Vulners
Apply vendor security patch