Action Required: Critical WordPress vulnerability detected - CVE-2026-63030
-
Saturday, 18th July, 2026
-
20:11pm
🚨 Action Required: Critical WordPress Security Vulnerability
A critical WordPress vulnerability, identified as CVE-2026-63030, has been disclosed and may affect several commonly used WordPress versions.
The vulnerability may be exploited remotely against a default WordPress installation without requiring additional plugins. Customers running an affected version should update their WordPress installation as soon as possible.
Affected and fixed versions:
• WordPress 6.8.0–6.8.5 → Update to 6.8.6
• WordPress 6.9.0–6.9.4 → Update to 6.9.5
• WordPress 7.0.0–7.0.1 → Update to 7.0.2
• WordPress 7.1 Beta versions before Beta 2 → Update to 7.1 Beta 2
✅ Recommended action
-
Take a full backup of your website before updating.
-
Update WordPress to the relevant fixed version immediately.
-
Confirm that your website and plugins are working correctly after the update.
As WordPress is a customer-managed content management system, LankaHost cannot apply this update directly on your behalf. However, we recommend creating a full manual cPanel backup before proceeding. Our support team can assist with restoring the backup if you experience issues following the update.
Technical information:
🔗 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ff9f-jf42-662q
🔗 https://wordpress.org/news/2026/07/wordpress-7-0-2-release/
Please treat this update as urgent and secure your WordPress website as soon as possible.
LankaHost Support Team