[SECURITY]■ STORY TIMELINE

KIRKI PLUGIN FLAW LETS HACKERS HIJACK WORDPRESS ADMIN

A critical privilege escalation vulnerability in the popular Kirki WordPress plugin is being actively exploited to compromise administrator accounts. The flaw (CVE-2026-8206) allows attackers to take over any user account on affected sites.

1 SOURCEFIRST SEEN JUN 2, 10:12 PM► READ THE ARTICLE

Bleeping Computer+0m

Critical Kirki flaw exploited to hijack WordPress admin accounts

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress t…

◄ BACK TO ARTICLE