Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Defiant warned that hundreds of thousands of WordPress sites may be exposed to attacks exploiting serious flaws in the Kirki and Burst Statistics plugins. The vulnerabilities could let unauthenticated attackers take over admin accounts and fully compromise affected websites. #Kirki #BurstStatistics #CVE-2026-8206

Keypoints

  • Kirki versions 6.0.0 to 6.0.6 are affected by CVE-2026-8206.
  • The Kirki flaw can let attackers trigger password resets for high-privileged accounts.
  • Burst Statistics versions 3.4.0 to 3.4.1.1 contain an authentication bypass bug.
  • The Burst Statistics issue can let attackers impersonate administrators through REST API requests.
  • Defiant says thousands of attacks have already been blocked and urges users to update immediately.
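To check a site against the version ranges listed above, the following added example (not code from the article, Defiant, or either plugin) flags installed versions that fall inside them, given the CSV printed by `wp plugin list --fields=name,version --format=csv`. The plugin slugs `kirki` and `burst-statistics` are assumptions, and the sample input is constructed.

```python
import csv
import io
import re

# Affected ranges as stated on this page (inclusive on both ends).
# Assumption: the slugs are the plugins' wordpress.org directory names.
AFFECTED = {
    "kirki": ("6.0.0", "6.0.6"),
    "burst-statistics": ("3.4.0", "3.4.1.1"),
}

def parse_version(text, width=4):
    """Turn '3.4.1.1' into (3, 4, 1, 1); pad short versions with zeros."""
    parts = []
    for piece in text.strip().split(".")[:width]:
        match = re.match(r"\d+", piece)
        if not match:  # e.g. 'dev' or an empty field
            raise ValueError(f"unparseable version: {text!r}")
        parts.append(int(match.group()))
    return tuple(parts + [0] * (width - len(parts)))

def find_affected(plugin_csv):
    """Return (slug, version, verdict) for each listed plugin named on this page."""
    findings = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        slug = (row.get("name") or "").strip().lower()
        if slug not in AFFECTED:
            continue
        low, high = AFFECTED[slug]
        raw = (row.get("version") or "").strip()
        try:
            version = parse_version(raw)
        except ValueError:
            findings.append((slug, raw, "unknown"))  # needs a manual look
            continue
        in_range = parse_version(low) <= version <= parse_version(high)
        findings.append((slug, raw, "affected" if in_range else "outside range"))
    return findings

# Constructed sample input, not taken from a real site.
SAMPLE = """name,version
akismet,5.3
kirki,6.0.4
burst-statistics,3.4.1.1
"""

if __name__ == "__main__":
    for slug, version, verdict in find_affected(SAMPLE):
        print(f"{slug} {version}: {verdict}")
```

A verdict of "outside range" only means the version is not in the ranges this page lists; the page does not name the fixed releases.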

Read More: https://www.securityweek.com/kirki-burst-statistics-wordpress-plugin-flaws-in-attackers-crosshairs/