Action Required: Critical WordPress vulnerability detected - CVE-2026-63030

  • Saturday, 18th July, 2026
  • 20:11pm

🚨 Action Required: Critical WordPress Security Vulnerability

A critical WordPress vulnerability, identified as CVE-2026-63030, has been disclosed and may affect several commonly used WordPress versions.

The vulnerability may be exploited remotely against a default WordPress installation without requiring additional plugins. Customers running an affected version should update their WordPress installation as soon as possible.

Affected and fixed versions:

• WordPress 6.8.0–6.8.5 → Update to 6.8.6
• WordPress 6.9.0–6.9.4 → Update to 6.9.5
• WordPress 7.0.0–7.0.1 → Update to 7.0.2
• WordPress 7.1 Beta versions before Beta 2 → Update to 7.1 Beta 2

Recommended action

  1. Take a full backup of your website before updating.

  2. Update WordPress to the relevant fixed version immediately.

  3. Confirm that your website and plugins are working correctly after the update.

As WordPress is a customer-managed content management system, LankaHost cannot apply this update directly on your behalf. However, we recommend creating a full manual cPanel backup before proceeding. Our support team can assist with restoring the backup if you experience issues following the update.

Technical information:

🔗 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ff9f-jf42-662q

🔗 https://wordpress.org/news/2026/07/wordpress-7-0-2-release/

Please treat this update as urgent and secure your WordPress website as soon as possible.

LankaHost Support Team

« Back