Run the read-only SA WPCode RCE pattern monitor against the live Flexible/Vultr WordPress root only, with no WordPress writes.
/Users/samaguiar/Documents/Projects/.credentials/vault.env locally, but did not print secrets.curl -sS "<https://aguiarinjurylawyers.com/?seonc=codex_probe_20260616>"curl -ksS --resolve "aguiarinjurylawyers.com:443:$CLOUDWAYS_FLEXIBLE_PUBLIC_IP" "<https://aguiarinjurylawyers.com/?seonc=codex_probe_20260616>"cd /home/1615235.cloudwaysapps.com/fctbkwwahp/public_html && pwdwp db query "SELECT post_status, COUNT(*) AS count FROM wp_posts WHERE post_type='wpcode' GROUP BY post_status ORDER BY post_status;"wp db query "SELECT ID, post_status, post_title FROM wp_posts WHERE post_type='wpcode' AND post_status='publish' ORDER BY ID;"wp db query for seonc, base64_decode, eval(, shell functions, and request vars on published or draft wpcode rows.wp db query for casino, porn, and viagra on post_title and post_name with post_status='publish'.wp db query for option_name LIKE '%wpcode%' and dangerous indicators in option_value.find wp-content/uploads -type f -name '*.php' | sortgrep -RIn --include='*.php' 'seonc' wp-content and grep -RInE --include='*.php' 'shell_exec|passthru|proc_open|base64_decode|eval[[:space:]]*\(|assert[[:space:]]*\(' wp-content | head -n 200200.codex_probe_20260616 appeared once in each response, only inside a hidden _wp_http_referer field. No execution behavior was observed./home/1615235.cloudwaysapps.com/fctbkwwahp/public_html.27 published and 19 draft.43605 Sitewide Custom SEO Schema, uses nonce-guarded $_POST review-stats fields.60660 Fix: 4xx Batch 301 Redirects - April 2026, includes a legacy $_GET['page_id'] redirect check.