Summary
A critical authentication bypass vulnerability in the Burst Statistics WordPress plugin (CVE-2026-8181) allows unauthenticated attackers to impersonate administrators and take over websites.
Take Action:
If you use the Burst Statistics plugin for WordPress (versions 3.4.0 through 3.4.1.1), update immediately to version 3.4.2 or later, or deactivate the plugin until you can patch. The vulnerability is being actively exploited. After updating, check your site for any unfamiliar administrator accounts and review logs for suspicious REST API activity. Attackers may have already taken over the site.
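The post-update checks above can be scripted; the following is an added example, not code from BeyondMachines or the plugin's authors. It assumes the administrator list was exported with `wp user list --role=administrator --format=json` and that the web server writes combined-format access logs; the account names, allowlist and log lines are constructed sample data.

```python
import json
import re
from collections import Counter

FIRST_AFFECTED = (3, 4, 0, 0)   # advisory: 3.4.0 through 3.4.1.1 are affected
FIRST_FIXED = (3, 4, 2, 0)      # advisory: fixed in 3.4.2

def is_affected(version):
    """True if a Burst Statistics version string is in the affected range."""
    parts = [int(p) for p in version.strip().split(".")]
    padded = tuple(parts + [0] * (4 - len(parts)))
    return FIRST_AFFECTED <= padded < FIRST_FIXED

def unfamiliar_admins(wp_cli_json, known_logins):
    """Administrators whose login is not on the operator's allowlist."""
    users = json.loads(wp_cli_json)
    return [u for u in users if u["user_login"] not in known_logins]

# Combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def rest_requests_by_client(log_lines):
    """Count REST API requests per (client, method); both URL forms are matched."""
    counts = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, method, target, _status = m.groups()
        if target.startswith("/wp-json/") or "rest_route=" in target:
            counts[(client, method)] += 1
    return counts

# Constructed sample data (not taken from the advisory).
SAMPLE_ADMINS = json.dumps([
    {"user_login": "siteowner", "user_registered": "2021-03-02 09:14:00"},
    {"user_login": "wp_support7", "user_registered": "2026-01-01 03:41:00"},
])
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:03:40:58 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 201 512',
    '203.0.113.7 - - [01/Jan/2026:03:41:02 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 900',
    '198.51.100.4 - - [01/Jan/2026:08:00:00 +0000] "GET /blog/ HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    print("3.4.1.1 affected:", is_affected("3.4.1.1"))
    print("unfamiliar admins:", unfamiliar_admins(SAMPLE_ADMINS, {"siteowner"}))
    print("REST requests:", dict(rest_requests_by_client(SAMPLE_LOG)))
```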
Read the full article on BeyondMachines
This article was originally published on BeyondMachines