{"id":9181,"date":"2026-07-18T09:07:21","date_gmt":"2026-07-18T09:07:21","guid":{"rendered":"https:\/\/locaterisk.com\/de\/?p=9181"},"modified":"2026-07-18T09:07:21","modified_gmt":"2026-07-18T09:07:21","slug":"wordpress-core-rce-wp2shell-6-9-7-0","status":"publish","type":"post","link":"https:\/\/locaterisk.com\/fr\/wordpress-core-rce-wp2shell-6-9-7-0\/","title":{"rendered":"Vuln\u00e9rabilit\u00e9 RCE critique dans le c\u0153ur de WordPress (CVE-2026-63030)"},"content":{"rendered":"<div class=\"wp-block-lr-blog-article-header-module\">\r\n    <div class=\"content\">\r\n\t\t<div class=\"headline\">\r\n\t\t\t<button class=\"to-blog-button\">Retour au blog                <a href=\"https:\/\/locaterisk.com\/fr\/blog\/\"><\/a>\r\n\t\t\t<\/button>\r\n\t\t\t\t\t<\/div>\r\n        <div class=\"main-content\">\r\n\t\t\t\t\t\t<!--\r\n            <div class=\"header\">\r\n                <h6> <\/h6>\r\n            <\/div>\r\n\t\t\t\t\t\t-->\r\n            <h1 class=\"title\">Vuln\u00e9rabilit\u00e9 RCE critique dans le c\u0153ur de WordPress (CVE-2026-63030)<\/h1>\r\n            <p class=\"paragraph\"><br><span class=\"lr-ai-disclosure\" style=\"display:block;margin:8px 0 28px;font-size:14px;line-height:1.4;color:#8b93a7;font-family:inherit;font-style:italic;\">Ce texte a \u00e9t\u00e9 g\u00e9n\u00e9r\u00e9 par l'intelligence artificielle (IA).<\/span>Le 17 juillet 2026, une faille de s\u00e9curit\u00e9 critique a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9e au c\u0153ur du syst\u00e8me de gestion de contenu WordPress. Cette faille, r\u00e9pertori\u00e9e sous le nom de <strong>CVE-2026-63030<\/strong>, permet aux pirates d'ex\u00e9cuter du code arbitraire (Remote Code Execution, RCE) sur les serveurs concern\u00e9s. Au moment de la publication, aucun score CVSS officiel n'avait encore \u00e9t\u00e9 attribu\u00e9 par le NVD\/MITRE ; dans son analyse, Cloudflare classe cette vuln\u00e9rabilit\u00e9 comme <strong>Critique<\/strong> . \u00c9tant donn\u00e9 que cette attaque ne n\u00e9cessite aucune authentification et qu'elle r\u00e9ussit, selon Cloudflare, \u00e0 cibler les installations ne disposant pas d'un cache d'objets persistant, elle repr\u00e9sente un risque consid\u00e9rable pour les administrateurs de sites WordPress.<br><br>Cette faille de s\u00e9curit\u00e9, \u00e9galement connue sous le nom de \u201e wp2shell \u201c, r\u00e9sulte de la combinaison de deux vuln\u00e9rabilit\u00e9s : une \u201e confusion de route de lot \u201c dans l'API REST et une faille d'injection SQL (<strong>CVE-2026-60137<\/strong>). En raison du niveau de gravit\u00e9 \u00e9lev\u00e9 de cette faille, l'\u00e9quipe de s\u00e9curit\u00e9 de WordPress a activ\u00e9 une mise \u00e0 jour automatique obligatoire pour les installations concern\u00e9es, une mesure qui n'est prise qu'en cas de menaces graves.<\/p>\r\n        <\/div>\r\n    <\/div>\r\n<\/div>\r\n\r\n\r\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"400\" height=\"400\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png\" alt=\"Kritische RCE-L\u00fccke in WordPress Core (CVE-2026-63030)\" class=\"wp-image-9139\" srcset=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png 400w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability-300x300.png 300w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability-150x150.png 150w, https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability-12x12.png 12w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n<h2 class=\"wp-block-heading\"><strong>Contexte technique et d\u00e9roulement de l'attaque<\/strong><\/h2>\n\n\n\n<p>Le point d'attaque est le terminal accessible au public <strong>\/wp-json\/batch\/v1<\/strong> de l'API REST de WordPress. Une erreur de logique dans la routine de traitement des requ\u00eates group\u00e9es dans le fichier <strong>class-wp-rest-server.php<\/strong> permet de contourner la validation interne des routes. Les attaquants peuvent ainsi envoyer des requ\u00eates \u00e0 des fonctions API internes qui n\u00e9cessitent normalement une authentification.<\/p>\n\n\n\n<p>Dans un deuxi\u00e8me temps, cet acc\u00e8s non autoris\u00e9 est exploit\u00e9 pour tirer parti d'une vuln\u00e9rabilit\u00e9 de type injection SQL dans le fichier <strong>class-wp-query.php<\/strong> en tirer parti. Cela permet d'injecter et d'ex\u00e9cuter des commandes SQL manipul\u00e9es dans la base de donn\u00e9es, ce qui conduit finalement \u00e0 la compromission totale du syst\u00e8me par l'ex\u00e9cution de code \u00e0 distance.<\/p>\n\n\n\n<p>Cette vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 signal\u00e9e par Adam Kues (Searchlight Cyber) dans le cadre d'un processus de divulgation responsable. L'injection SQL associ\u00e9e a \u00e9t\u00e9 d\u00e9couverte par une \u00e9quipe compos\u00e9e de TF1T, dtro et haongo.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Versions concern\u00e9es et mesures recommand\u00e9es<\/strong><\/h2>\n\n\n\n<p>Tous les administrateurs de sites WordPress doivent agir sans d\u00e9lai. La mesure principale consiste \u00e0 effectuer une mise \u00e0 jour vers une version s\u00e9curis\u00e9e.<\/p>\n\n\n\n<p><strong>Versions concern\u00e9es par la vuln\u00e9rabilit\u00e9 RCE (CVE-2026-63030) :<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>WordPress 6.9.0 \u00e0 6.9.4<\/li>\n\n\n\n<li>WordPress 7.0.0 \u00e0 7.0.1<\/li>\n<\/ul>\n\n\n\n<p><strong>Versions concern\u00e9es par la vuln\u00e9rabilit\u00e9 de type injection SQL (CVE-2026-60137) :<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>WordPress 6.8.0 \u00e0 6.8.5<\/li>\n<\/ul>\n\n\n\n<p><strong>Mesures d'urgence :<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mise \u00e0 jour vers la version <a href=\"https:\/\/wordpress.org\/news\/2026\/07\/wordpress-7-0-2-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">7.0.2<\/a>:<\/strong> Corrige ces deux vuln\u00e9rabilit\u00e9s.<\/li>\n\n\n\n<li><strong>Mise \u00e0 jour vers la version 6.9.5 :<\/strong> Corrige ces deux vuln\u00e9rabilit\u00e9s pour la branche 6.9.x.<\/li>\n\n\n\n<li><strong>Mise \u00e0 jour vers la version 6.8.6 :<\/strong> Corrige la faille de type \u00ab injection SQL \u00bb pour la branche 6.8.x.<\/li>\n<\/ul>\n\n\n\n<p><strong>Mesures d'urgence (si une mise \u00e0 jour n'est pas possible imm\u00e9diatement) :<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Blocage du chemin <strong>\/wp-json\/batch\/v1<\/strong> ainsi que <strong>?rest_route=\/batch\/v1<\/strong> via un pare-feu d'application web (WAF).<\/li>\n\n\n\n<li>D\u00e9sactivation temporaire de l'API REST de WordPress, si celle-ci n'est pas absolument n\u00e9cessaire.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Importance pour les entreprises de la r\u00e9gion DACH et la conformit\u00e9<\/strong><\/h2>\n\n\n\n<p>WordPress est l'une des plateformes les plus utilis\u00e9es au monde ; l'impact potentiel est donc d'autant plus important dans la r\u00e9gion DACH. Les entreprises qui utilisent WordPress pour leurs sites web publics, leurs portails clients ou leurs microsites internes devraient v\u00e9rifier sans d\u00e9lai si leurs installations sont \u00e0 jour. Si des donn\u00e9es \u00e0 caract\u00e8re personnel ont \u00e9t\u00e9 compromises \u00e0 la suite de l\u2019exploitation de cette vuln\u00e9rabilit\u00e9, l\u2019obligation de notification pr\u00e9vue \u00e0 l\u2019article 33 du RGPD s\u2019applique (d\u00e9lai de 72 heures aupr\u00e8s de l\u2019autorit\u00e9 de contr\u00f4le comp\u00e9tente). Pour les op\u00e9rateurs relevant de la directive NIS-2, une attaque r\u00e9ussie peut en outre entra\u00eener des obligations de notification au titre de l\u2019article 23 de la directive NIS-2. Le BSI recommande de mani\u00e8re g\u00e9n\u00e9rale d\u2019appliquer sans d\u00e9lai les mises \u00e0 jour de s\u00e9curit\u00e9 disponibles pour les applications web expos\u00e9es.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>La visibilit\u00e9, fondement de la cybers\u00e9curit\u00e9 et de la conformit\u00e9<\/strong><\/h2>\n\n\n\n<p>Des failles telles que <strong>CVE-2026-63030<\/strong> soulignent la n\u00e9cessit\u00e9 d'avoir une vue d'ensemble compl\u00e8te et continue de tous les syst\u00e8mes informatiques accessibles depuis l'ext\u00e9rieur. Une plateforme de gestion de la surface d'attaque externe (EASM) telle que LocateRisk recense automatiquement l'ensemble de la surface d'attaque d'une entreprise. Cela inclut non seulement le site web principal de l\u2019entreprise, mais aussi les syst\u00e8mes de \u00ab shadow IT \u00bb souvent n\u00e9glig\u00e9s, tels que les blogs marketing oubli\u00e9s, les environnements de test ou les microsites, qui pourraient \u00e9galement fonctionner sous une version vuln\u00e9rable de WordPress.<\/p>\n\n\n\n<p>L'identification pr\u00e9cise des versions logicielles utilis\u00e9es permet aux \u00e9quipes de s\u00e9curit\u00e9 de s\u00e9curiser les syst\u00e8mes concern\u00e9s de mani\u00e8re cibl\u00e9e et sans d\u00e9lai. Ce processus constitue un \u00e9l\u00e9ment essentiel de la gestion des risques et favorise le respect des exigences r\u00e9glementaires et des normes telles que NIS-2 ou ISO 27001, qui imposent une gestion active des vuln\u00e9rabilit\u00e9s.<\/p>\n\n\n\n<p>De plus, la surveillance des prestataires dans le cadre de la gestion des risques li\u00e9s aux fournisseurs (VRM) est essentielle. Si une agence externe g\u00e8re un site WordPress pour votre entreprise, toute faille de s\u00e9curit\u00e9 de cette derni\u00e8re devient un risque pour vous. LocateRisk facilite l'\u00e9valuation continue de la situation de s\u00e9curit\u00e9 des fournisseurs et aide \u00e0 d\u00e9terminer si leurs syst\u00e8mes sont \u00e9galement conformes aux exigences r\u00e9glementaires en vigueur. La plateforme est h\u00e9berg\u00e9e dans des centres de donn\u00e9es allemands certifi\u00e9s et aide les clients \u00e0 se conformer aux exigences du RGPD.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Sources et informations compl\u00e9mentaires<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Mise \u00e0 jour de s\u00e9curit\u00e9 WordPress.org (officielle) :<\/strong> <a href=\"https:\/\/wordpress.org\/news\/2026\/07\/wordpress-7-0-2-release\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/wordpress.org\/news\/2026\/07\/wordpress-7-0-2-release\/<\/a><\/li>\n\n\n\n<li><strong>Analyse Cloudflare :<\/strong> <a href=\"https:\/\/blog.cloudflare.com\/wordpress-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/blog.cloudflare.com\/wordpress-vulnerabilities\/<\/a><\/li>\n\n\n\n<li><strong>Article de The Hacker News :<\/strong> <a href=\"https:\/\/thehackernews.com\/2026\/07\/new-wp2shell-wordpress-core-flaw-lets.html\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/thehackernews.com\/2026\/07\/new-wp2shell-wordpress-core-flaw-lets.html<\/a><\/li>\n<\/ul>\n\n\n\n<div class=\"wp-block-lr-faq-module\"><div class=\"content\"><h3><strong>Questions fr\u00e9quentes<\/strong><\/h3><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Quelles versions de WordPress sont concern\u00e9es par la faille RCE CVE-2026-63030 ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">La vuln\u00e9rabilit\u00e9 permettant l'ex\u00e9cution de code \u00e0 distance concerne les versions 6.9.0 \u00e0 6.9.4 de WordPress, ainsi que les versions 7.0.0 et 7.0.1. Les installations de WordPress ant\u00e9rieures \u00e0 la version 6.9.0 ne sont pas concern\u00e9es par cette vuln\u00e9rabilit\u00e9 RCE.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Mon installation de WordPress 6.8 est-elle \u00e0 l'abri de la vuln\u00e9rabilit\u00e9 CVE-2026-63030 ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Oui, votre installation n'est pas concern\u00e9e par la vuln\u00e9rabilit\u00e9 RCE. Elle est toutefois expos\u00e9e \u00e0 la faille d'injection SQL associ\u00e9e. <strong>CVE-2026-60137<\/strong>. Une mise \u00e0 jour vers la version <strong>6.8.6<\/strong> est vivement recommand\u00e9.<\/p><\/div><\/div><div class=\"faq-topic\"><hr\/><div class=\"collapsible-title\"><a class=\"pr-4\"><strong>Existe-t-il d\u00e9j\u00e0 un correctif pour la vuln\u00e9rabilit\u00e9 CVE-2026-63030 ?<\/strong><\/a><img class=\"collapse-toggle\" srcset=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@3x.png 3x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus@2x.png 2x,https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/faq-module\/img\/ic-plus.png 1x\"\/><\/div><div class=\"collapsible-content\"><p class=\"font-normal\">Oui, l'\u00e9quipe WordPress a publi\u00e9 des mises \u00e0 jour de s\u00e9curit\u00e9 le 17 juillet 2026. En fonction de la version que vous utilisez actuellement, vous devriez effectuer la mise \u00e0 jour vers <strong>WordPress 7.0.2<\/strong>, <strong>6.9.5<\/strong> ou <strong>6.8.6<\/strong> Mettre \u00e0 jour. WordPress a \u00e9galement activ\u00e9 les mises \u00e0 jour automatiques forc\u00e9es pour les versions concern\u00e9es.<\/p><\/div><\/div><\/div><\/div>\n\n\n\n<div class=\"wp-block-lr-contact-post-module\">\n\t<div id=\"lr-contact-form\" class=\"wp-block-lr-contact-post-module\">\n\t\t<div id=\"formular\" class=\"content\">\n\t\t\t<div class=\"inner-content\">\n\t\t\t\t<div class=\"column-2 feature-mode\">\n\t\t\t\t\t<h2><br>Demandez maintenant une D\u00e9mo en direct personelle<\/h2>\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div>\n\t\t\t\t\t\t\t\t<p class=\"margin-b-36\">Identifiez et r\u00e9duisez vos cyber-risques gr\u00e2ce \u00e0 un aper\u00e7u comparable et compr\u00e9hensible de votre s\u00e9curit\u00e9 informatique. Demandez conseil \u00e0 nos experts et d\u00e9couvrez comment LocateRisk peut vous aider \u00e0 r\u00e9soudre vos cyber-risques.<\/p>\n\t\t\t\t\t\t\t<\/div>\t\n\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div> \n\t\t\t\t<div class=\"column-2\">\n\t\t\t\t\t<form action=\"\" class=\"form\" method=\"post\" role=\"form\" novalidate data-trp-original-action=\"\">\n\t\t\t\t\t\t<input type=\"text\" id=\"successmessage\" name=\"successmessage\" value=\"Ihre Registrierung war erfolgreich Ihre Anfrage wurde erfolgreich versendet. Wir haben Ihnen soeben eine Best\u00e4tigungsmail mit einem Aktivierungs-Link zugesendet, um einem Missbrauch Ihrer E-Mail Adresse durch Dritte vorzubeugen. Die Mail wird von sales@locaterisk.com versendet und sollte sich i n wenigen Minuten in Ihrem Posteingang finden.\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"errormessage\" name=\"errormessage\" value=\"Da ist wohl etwas schief gelaufen. Bitte probieren Sie es erneut oder nehmen Sie direkt mit uns Kontakt auf\" hidden>\n\t\t\t\t\t\t<input type=\"text\" id=\"slug\" name=\"slug\" value=\"wordpress-core-rce-wp2shell-6-9-7-0\" hidden>\n\n\t\t\t\t\t\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"name\"\n\t\t\t\t\t\t\t\tname=\"name\"\n\t\t\t\t\t\t\t\tplaceholder=\"Pr\u00e9nom\"\n\t\t\t\t\t\t\t\trequired\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\t\tid=\"surname\"\n\t\t\t\t\t\t\t\tname=\"surname\"\n\t\t\t\t\t\t\t\tplaceholder=\"Nom\"\n\t\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"email\"\n\t\t\t\t\t\t\tid=\"email\"\n\t\t\t\t\t\t\tname=\"email\"\n\t\t\t\t\t\t\tplaceholder=\"Courrier \u00e9lectronique\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\n\t\t\t\t\t\t<input\n\t\t\t\t\t\t\ttype=\"text\"\n\t\t\t\t\t\t\tid=\"phone\"\n\t\t\t\t\t\t\tname=\"phone\"\n\t\t\t\t\t\t\tplaceholder=\"T\u00e9l\u00e9phone\"\n\t\t\t\t\t\t\trequired\n\t\t\t\t\t\t\tmaxlength=\"50\"\/>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t<h6 class=\"error-message\" hidden>...<\/h6>\n\t\t\t\t\t\t<div class=\"checkbox_container\">\n\t\t\t\t\t\t\t<div class=\"checkbox\">\n\t\t\t\t\t\t\t\t<input\n\t\t\t\t\t\t\t\t\ttype=\"checkbox\"\n\t\t\t\t\t\t\t\t\tid=\"checkbox\"\n\t\t\t\t\t\t\t\t\tname=\"checkbox\" \/>\n\n\t\t\t\t\t\t\t\t<label for=\"checkbox\"><\/label>\n\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<p class=\"translation-block\">Je suis d'accord avec la politique de confidentialit\u00e9<\/p> \n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t<div class=\"g-recaptcha\" data-sitekey=\"6LdErNoZAAAAAD1Re2jNxtDFfcDaL9iED5MRBzjR\" data-callback=\"verifyRecaptchaCallback\" data-expired-callback=\"expiredRecaptchaCallback\"><\/div>\n\t\t\t\t\t<input type=\"hidden\" name=\"g-recaptcha-response\" data-recaptcha \/>\n\n\t\t\t\t\t\t<button class=\"lr-button-link\" type=\"submit\"> Demander une d\u00e9mo<\/button>\n\t\t\t\t\t<input type=\"hidden\" name=\"trp-form-language\" value=\"fr\"\/><\/form>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/div>\n\t\n\t<\/div>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity is-style-wide\"\/>\n\n\n\n<div class=\"wp-block-lr-contact-module\"><div class=\"content\"><h2>En savoir plus, r\u00e9server une d\u00e9mo ou simplement \u00e9changer quelques mots ? Nous nous en r\u00e9jouissons !<\/h2><div class=\"contact-info-row\"><div class=\"contact-person-info\"><div class=\"avatar\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2025\/06\/Lukas_Baumann_LocateRisk-300.png\"><\/div><p><span class=\"text before\">Votre Contact<\/span><span class=\"bold name\"><strong>Lukas<\/strong><\/span> <span class=\"lastname\"><strong>Baumann<strong><\/strong><\/strong><\/span><strong><strong><span class=\"separator\"><\/span><span class=\"role\">PDG<\/span><\/strong><\/strong><\/p><\/div><p class=\"bold phone\"><strong><strong>+49 6151 6290246<\/strong><\/strong><\/p><strong><strong><a class=\"pr-1\" href=\"mailto: sales@locaterisk.com\">Contactez-nous maintenant<\/a><\/strong><\/strong><\/div><\/div><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>\n\n\n\n<div class=\"wp-block-lr-footer-module lr-footer-block\"><div class=\"content\"><div class=\"column0\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/plugins\/locate-risk-prod\/lr-blocks\/assets\/img\/lr-logo.svg\"\/><\/div><div class=\"categories\"><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/locaterisk.com\/fr\/\">Accueil<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/blog\/\">Blog<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/about\/\">par rapport \u00e0 nous<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/kontakt\/\">Contact<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/impressum\/\">mentiones l\u00e9gales<\/a><\/div><div class=\"categories-break\"><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/datenschutz\/\">Confidentialit\u00e9<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/files\/agb.pdf\">CONDITIONS G\u00c9N\u00c9RALES DE VENTE<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"\/fr\/jobs\/\">Carri\u00e8re<\/a><\/div><div class=\"categories-element\"><a class=\"pr-4\" href=\"https:\/\/app.secfix.com\/trust\/locaterisk\/d1e7d433b33643aea1880bfbfeab9f60\">Centre de confiance<\/a><\/div><\/div><div class=\"social\"><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/company\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/10\/gruppe-230@3x.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/www.instagram.com\/locaterisk\/\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Instagram.png\"\/><\/a><\/div><div class=\"social-element\"><a target=\"_blank\" href=\"https:\/\/twitter.com\/locaterisk\"><img decoding=\"async\" src=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/twitter.png\"\/><\/a><\/div><\/div><div class=\"description\"><h6>\u00a9 LocateRisk 2026<\/h6><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Une vuln\u00e9rabilit\u00e9 critique (CVE-2026-63030) dans le c\u0153ur de WordPress permet l'ex\u00e9cution de code \u00e0 distance sans authentification. Les versions jusqu'\u00e0 la 7.0.1 sont concern\u00e9es. Des mesures doivent \u00eatre prises.<\/p>","protected":false},"author":13,"featured_media":9139,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[632],"tags":[739,738,113,111,327,666,740],"class_list":["post-9181","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-news","tag-cve-2026-60137","tag-cve-2026-63030","tag-rce","tag-remote-code-execution","tag-wordpress","tag-wordpress-sicherheit","tag-wp2shell"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core<\/title>\n<meta name=\"description\" content=\"Eine kritische Schwachstelle (CVE-2026-63030) in WordPress Core erm\u00f6glicht unauthentifizierte Remote Code Execution. Betroffen sind Versionen bis 7.0.1. Handlungsbedarf besteht.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/locaterisk.com\/fr\/wordpress-core-rce-wp2shell-6-9-7-0\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core\" \/>\n<meta property=\"og:description\" content=\"Eine kritische Schwachstelle (CVE-2026-63030) in WordPress Core erm\u00f6glicht unauthentifizierte Remote Code Execution. Betroffen sind Versionen bis 7.0.1. Handlungsbedarf besteht.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/locaterisk.com\/fr\/wordpress-core-rce-wp2shell-6-9-7-0\/\" \/>\n<meta property=\"og:site_name\" content=\"LocateRisk\" \/>\n<meta property=\"article:published_time\" content=\"2026-07-18T09:07:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kristina Hoinkis\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kristina Hoinkis\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/\"},\"author\":{\"name\":\"Kristina Hoinkis\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\"},\"headline\":\"Kritische RCE-L\u00fccke in WordPress Core (CVE-2026-63030)\",\"datePublished\":\"2026-07-18T09:07:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/\"},\"wordCount\":895,\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/third-party-vulnerability.png\",\"keywords\":[\"CVE-2026-60137\",\"CVE-2026-63030\",\"RCE\",\"Remote Code Execution\",\"WordPress\",\"WordPress Sicherheit\",\"wp2shell\"],\"articleSection\":[\"Cybersecurity News\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/\",\"name\":\"CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/third-party-vulnerability.png\",\"datePublished\":\"2026-07-18T09:07:21+00:00\",\"description\":\"Eine kritische Schwachstelle (CVE-2026-63030) in WordPress Core erm\u00f6glicht unauthentifizierte Remote Code Execution. Betroffen sind Versionen bis 7.0.1. Handlungsbedarf besteht.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#primaryimage\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/third-party-vulnerability.png\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/third-party-vulnerability.png\",\"width\":400,\"height\":400,\"caption\":\"third-party-vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/wordpress-core-rce-wp2shell-6-9-7-0\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/locaterisk.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kritische RCE-L\u00fccke in WordPress Core (CVE-2026-63030)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#website\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"name\":\"LocateRisk\",\"description\":\"IT-Sicherheit messen und vergleichen\",\"publisher\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#organization\",\"name\":\"LocateRisk\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"contentUrl\":\"https:\\\/\\\/locaterisk.com\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/Kettenglieder_V0216-9.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"LocateRisk\"},\"image\":{\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/locaterisk\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/locaterisk.com\\\/de\\\/#\\\/schema\\\/person\\\/68f3857c15afa8ff59c545848dddcc32\",\"name\":\"Kristina Hoinkis\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g\",\"caption\":\"Kristina Hoinkis\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core","description":"Une vuln\u00e9rabilit\u00e9 critique (CVE-2026-63030) dans le c\u0153ur de WordPress permet l'ex\u00e9cution de code \u00e0 distance sans authentification. Les versions jusqu'\u00e0 la 7.0.1 sont concern\u00e9es. Des mesures doivent \u00eatre prises.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/locaterisk.com\/fr\/wordpress-core-rce-wp2shell-6-9-7-0\/","og_locale":"fr_FR","og_type":"article","og_title":"CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core","og_description":"Eine kritische Schwachstelle (CVE-2026-63030) in WordPress Core erm\u00f6glicht unauthentifizierte Remote Code Execution. Betroffen sind Versionen bis 7.0.1. Handlungsbedarf besteht.","og_url":"https:\/\/locaterisk.com\/fr\/wordpress-core-rce-wp2shell-6-9-7-0\/","og_site_name":"LocateRisk","article_published_time":"2026-07-18T09:07:21+00:00","og_image":[{"width":400,"height":400,"url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png","type":"image\/png"}],"author":"Kristina Hoinkis","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Kristina Hoinkis","Dur\u00e9e de lecture estim\u00e9e":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#article","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/"},"author":{"name":"Kristina Hoinkis","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32"},"headline":"Kritische RCE-L\u00fccke in WordPress Core (CVE-2026-63030)","datePublished":"2026-07-18T09:07:21+00:00","mainEntityOfPage":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/"},"wordCount":895,"publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"image":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png","keywords":["CVE-2026-60137","CVE-2026-63030","RCE","Remote Code Execution","WordPress","WordPress Sicherheit","wp2shell"],"articleSection":["Cybersecurity News"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/","url":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/","name":"CVE-2026-63030: Kritische RCE-L\u00fccke in WordPress Core","isPartOf":{"@id":"https:\/\/locaterisk.com\/de\/#website"},"primaryImageOfPage":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#primaryimage"},"image":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#primaryimage"},"thumbnailUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png","datePublished":"2026-07-18T09:07:21+00:00","description":"Une vuln\u00e9rabilit\u00e9 critique (CVE-2026-63030) dans le c\u0153ur de WordPress permet l'ex\u00e9cution de code \u00e0 distance sans authentification. Les versions jusqu'\u00e0 la 7.0.1 sont concern\u00e9es. Des mesures doivent \u00eatre prises.","breadcrumb":{"@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#primaryimage","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2026\/07\/third-party-vulnerability.png","width":400,"height":400,"caption":"third-party-vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/locaterisk.com\/de\/wordpress-core-rce-wp2shell-6-9-7-0\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/locaterisk.com\/"},{"@type":"ListItem","position":2,"name":"Kritische RCE-L\u00fccke in WordPress Core (CVE-2026-63030)"}]},{"@type":"WebSite","@id":"https:\/\/locaterisk.com\/de\/#website","url":"https:\/\/locaterisk.com\/de\/","name":"LocateRisk","description":"Mesurer et comparer la s\u00e9curit\u00e9 informatique","publisher":{"@id":"https:\/\/locaterisk.com\/de\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/locaterisk.com\/de\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/locaterisk.com\/de\/#organization","name":"LocateRisk","url":"https:\/\/locaterisk.com\/de\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/","url":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","contentUrl":"https:\/\/locaterisk.com\/wp-content\/uploads\/2020\/11\/Kettenglieder_V0216-9.jpg","width":1920,"height":1080,"caption":"LocateRisk"},"image":{"@id":"https:\/\/locaterisk.com\/de\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/locaterisk\/"]},{"@type":"Person","@id":"https:\/\/locaterisk.com\/de\/#\/schema\/person\/68f3857c15afa8ff59c545848dddcc32","name":"Kristina Hoinkis","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7756f96249844e60ceb218f17e06217dcbed4993bcd2124e3f59bb8675324f0d?s=96&d=mm&r=g","caption":"Kristina Hoinkis"}}]}},"_links":{"self":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/9181","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/comments?post=9181"}],"version-history":[{"count":1,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/9181\/revisions"}],"predecessor-version":[{"id":9182,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/posts\/9181\/revisions\/9182"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media\/9139"}],"wp:attachment":[{"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/media?parent=9181"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/categories?post=9181"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/locaterisk.com\/fr\/wp-json\/wp\/v2\/tags?post=9181"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}