Skip to content
The Nexus
SECURITYJun 2 · 22:12 UTCBLEEPING COMPUTERBill Toulas

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including administrators. The flaw allows unauthorized access to WordPress admin accounts through the Kirki plugin.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting