Share
## https://sploitus.com/exploit?id=4031362F-B82C-5C5E-85B4-6FC368C030B3
# wp2shell-scanner

Non-destructive detection for WordPress core exposure to wp2shell (CVE-2026-63030 / CVE-2026-60137). Fingerprints the core version and confirms the REST `/batch/v1` route is reachable; sends no exploit payload.

## Nuclei template

```
nuclei -t wp2shell-exposure.yaml -u https://target
```

## Python scanner

Single host, multiple hosts, or a file. Standard library only.

```
python3 wp2shell.py https://target
python3 wp2shell.py host1 host2 host3
python3 wp2shell.py -f hosts.txt
```

Options: `-f/--file` hosts file (one per line), `-j/--json` JSON output, `-t/--threads` concurrency (default 10).