Vulnerability | Bleeping Computer
9.8 — CRITICAL
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍 Threat Overview
Hackers are exploiting a critical authentication bypass vulnerability in the Burst Statistics WordPress plugin, allowing them to gain admin-level access to affected websites, and potentially plant malware or create rogue admin users.
⚙️ Technical Details
💥 Impact Assessment
Severity: Critical
🛡️ Recommended Actions
1. Upgrade to the patched release, version 3.4.2, released on May 12, 2026
2. Disable the plugin on affected sites
3. Monitor for suspicious activity and update to the latest version as soon as possible
📦 Affected Products
Product Name: Burst Statistics WordPress plugin
Version Range: 3.4.0 to 3.4.1.1
🔐 NVD Verified Data (VERIFIED)
CVE-2026-8181
CVSS 9.8 — CRITICAL
Attack Vector: NETWORK
Complexity: LOW
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-287
This is a curated summary. The complete article is available at Bleeping Computer.
