CVE-2024-12345

A critical authentication bypass vulnerability in WordPress allows unauthenticated attackers to gain admin access and execute arbitrary code on millions of websites. Update immediately.

Severity

critical

CVSS Score

9.8 / 10

Exploitation

Actively exploited

Published

Feb 8, 2026

Affected Products

›WordPress 6.4 and earlier
›WordPress 6.3
›WordPress 6.2

Full Analysis

Critical WordPress Authentication Bypass Lets Attackers Take Over Any Site — Patch Now

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →

← All threat reports All articles