Storia in 3 fonti

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

Raccontata da

bleepingcomputer.com

thenextweb.com

securityweek.com

Confronto fonti

3 prospettive sulla stessa storia

AI · summaries

bleepingcomputer.comStai leggendo19 h fa

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.

originale

securityweek.com4 h fa

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs

Threat actors are exploiting recent Kirki and Burst Statistics WordPress plugin flaws leading to privilege escalation and site takeover.

Leggi questa versione → originale

thenextweb.com2 g fa

WP Maps Pro WordPress flaw exploited to create admin accounts

Unauthenticated attackers exploited CVE-2026-8732 in WP Maps Pro (15k+ sales) to create admin accounts; Wordfence blocked 2,858 attacks in 24 hours before patch v6.1.1. Plugin distributed outside WordPress.org auto-update channel leaves installations unpatched; disclosure-to-exploitation window now hours-long, demanding immediate update or disable.

Leggi questa versione → originale

Timeline cronologica

domenica 31 maggio 2026·bleepingcomputer.com
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication.
lunedì 1 giugno 2026·thenextweb.com
WP Maps Pro WordPress flaw exploited to create admin accounts
CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
mercoledì 3 giugno 2026·bleepingcomputer.com
Critical Kirki flaw exploited to hijack WordPress admin accounts
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to…
mercoledì 3 giugno 2026·securityweek.com
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs
Threat actors are exploiting recent Kirki and Burst Statistics WordPress plugin flaws leading to privilege escalation and site takeover.

Critical Kirki flaw exploited to hijack WordPress admin accounts

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs

WP Maps Pro WordPress flaw exploited to create admin accounts

Timeline cronologica

WP Maps Pro bug exploited to create admin accounts on WordPress sites

WP Maps Pro WordPress flaw exploited to create admin accounts

Critical Kirki flaw exploited to hijack WordPress admin accounts

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs

Critical Kirki flaw exploited to hijack WordPress admin accounts

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs

WP Maps Pro WordPress flaw exploited to create admin accounts

Timeline cronologica

WP Maps Pro bug exploited to create admin accounts on WordPress sites

WP Maps Pro WordPress flaw exploited to create admin accounts

Critical Kirki flaw exploited to hijack WordPress admin accounts

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers' Crosshairs