Critical Kirki flaw exploited to hijack WordPress admin accounts
Over Security - Cybersecurity news aggregator [Unofficial]
June 2, 2026
Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.
Discussion in the ATmosphere