Summary
Attackers are exploiting a critical authentication bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) to gain full administrative control and create unauthorized accounts.
Take Action:
If you use the Burst Statistics plugin for WordPress, update it to version 3.4.2 or 3.4.3 immediately. Attackers are actively taking over sites running vulnerable versions (3.4.0 to 3.4.1.1). After updating, check your WordPress user list for any unauthorized admin accounts created on or after May 13, 2026, and remove them.
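The two checks above can be scripted. The following is an added example, not code from the original article or the plugin's authors: it assumes WP-CLI is available to produce the inputs, assumes the plugin slug `burst-statistics`, and runs here on a constructed sample user list.

```bash
#!/bin/sh
# Added example. Live input would come from WP-CLI (assumed installed):
#   wp plugin get burst-statistics --field=version   # plugin slug is an assumption
#   wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv

CUTOFF="2026-05-13"   # earliest account-creation date named in the advisory

# Exit 0 if version $1 lies in the affected range 3.4.0 .. 3.4.1.1.
# Each component is zero-padded so 3.4.2 compares as 3.4.2.0.
is_vulnerable_version() {
  echo "$1" | awk -F. '{
    k = sprintf("%03d%03d%03d%03d", $1, $2, $3, $4)
    exit !(k >= "003004000000" && k <= "003004001001")
  }'
}

# Read the administrator CSV on stdin and print logins registered on or
# after the cutoff ($1, default $CUTOFF). ISO dates compare correctly as strings.
admins_since() {
  awk -F, -v cutoff="${1:-$CUTOFF}" 'NR > 1 {
    login = $2; reg = $3
    gsub(/"/, "", login); gsub(/"/, "", reg)
    if (substr(reg, 1, 10) >= cutoff) print login
  }'
}

# Constructed sample data, not taken from any real site.
sample_admins() {
  cat <<'EOF'
ID,user_login,user_registered
1,siteowner,"2024-02-10 09:15:00"
7,editor_admin,"2026-05-12 23:59:59"
12,wp_support2,"2026-05-13 00:04:31"
15,sysadm,"2026-05-20 14:02:10"
EOF
}

for v in 3.4.1.1 3.4.2; do
  if is_vulnerable_version "$v"; then echo "$v: affected, update"; else echo "$v: not in affected range"; fi
done
echo "Administrator accounts to review:"
sample_admins | admins_since
```

Accounts the filter prints are candidates for review, not confirmed compromises; compare them against the administrators you expect before removing anything.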
Read the full article on BeyondMachines
This article was originally published on BeyondMachines