Bottom line: Attackers exploit CVE-2026-8206 in the WordPress Kirki plugin to log in with administrator privileges.
A critical vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress is being actively exploited to compromise administrator accounts. The flaw allows unauthorized privilege escalation across all user accounts.
CVE-2026-8206 is currently being exploited in the wild. WordPress installations that use the Kirki plugin are affected. Through this vulnerability, attackers without legitimate access can escalate their privileges and take over arbitrary user accounts.
For CISOs, this has a direct impact on the security of the entire content management system: if a WordPress administrator account is compromised, the attacker effectively gains full control of the website and can inject code, pivot to further systems, or abuse the website for further attacks. This poses a significant risk to content integrity and to the security of the underlying systems.
CISOs should immediately review which WordPress installations within their responsibility use the Kirki plugin and initiate appropriate update measures. At the same time, a review of administrator accounts for suspicious logins or changes is recommended.
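The two response steps above (find every site running Kirki, then review administrator accounts for recent changes) can be scripted across a fleet of sites. The following is an added example, not code from the article or from the Kirki project. It assumes each site can be queried with WP-CLI and that the JSON output of `wp plugin list --format=json` and `wp user list --role=administrator --format=json` has already been captured per site; the site names, plugin versions, user records and the reference date below are constructed sample data. Because the article does not name the patched Kirki version, the script does not compare versions: it flags every Kirki install, distinguishing those where WP-CLI already reports a pending update from those that need manual verification.

```python
"""Fleet audit helper for the CVE-2026-8206 response steps (added example)."""
import json
from datetime import datetime, timedelta

# Reference time for the constructed sample (assumption, not from the article).
NOW = datetime(2026, 6, 4, 8, 0, 0)
# Administrator accounts created inside this window are worth a second look.
RECENT_WINDOW = timedelta(days=14)

# Constructed sample: shape follows `wp plugin list --format=json`.
SAMPLE_PLUGINS = {
    "shop.example.com": json.dumps([
        {"name": "kirki", "status": "active", "update": "available", "version": "4.1.0"},
        {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    ]),
    "blog.example.com": json.dumps([
        {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    ]),
    "intranet.example.com": json.dumps([
        {"name": "kirki", "status": "active", "update": "none", "version": "4.2.0"},
    ]),
}

# Constructed sample: shape follows `wp user list --role=administrator --format=json`.
SAMPLE_ADMINS = {
    "shop.example.com": json.dumps([
        {"ID": 1, "user_login": "admin", "user_registered": "2021-03-04 09:12:00",
         "user_email": "admin@example.com"},
        {"ID": 57, "user_login": "wp_support", "user_registered": "2026-06-02 23:41:17",
         "user_email": "support@mail.invalid"},
    ]),
    "blog.example.com": json.dumps([
        {"ID": 1, "user_login": "editor", "user_registered": "2022-11-20 14:00:00",
         "user_email": "editor@example.com"},
    ]),
    "intranet.example.com": json.dumps([
        {"ID": 1, "user_login": "itadmin", "user_registered": "2024-01-15 10:30:00",
         "user_email": "it@example.com"},
    ]),
}


def kirki_status(plugin_json):
    """Return None if Kirki is not installed, otherwise a short status string."""
    for plugin in json.loads(plugin_json):
        if plugin.get("name") == "kirki":
            version = plugin.get("version", "?")
            if plugin.get("update") == "available":
                return "kirki %s installed, update pending" % version
            # "update": "none" only means WP-CLI saw no newer release at its last
            # check; confirm against the vendor's patched version by hand.
            return "kirki %s installed, verify patched version manually" % version
    return None


def recent_admins(user_json, now=NOW, window=RECENT_WINDOW):
    """Logins of administrators whose account was created inside the review window."""
    hits = []
    for user in json.loads(user_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if now - registered <= window:
            hits.append(user["user_login"])
    return hits


def audit(plugins_by_site, admins_by_site, now=NOW):
    """One finding per site that either runs Kirki or has a recently created admin."""
    findings = []
    for site in sorted(set(plugins_by_site) | set(admins_by_site)):
        status = kirki_status(plugins_by_site.get(site, "[]"))
        new_admins = recent_admins(admins_by_site.get(site, "[]"), now)
        if status is None and not new_admins:
            continue
        findings.append({"site": site, "kirki": status, "new_admins": new_admins})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PLUGINS, SAMPLE_ADMINS):
        print("%s: %s; admins created in last %d days: %s" % (
            f["site"], f["kirki"] or "kirki not installed",
            RECENT_WINDOW.days, ", ".join(f["new_admins"]) or "none"))
```

Newly created administrators are only one signal; the article also recommends reviewing suspicious logins, which requires the site's authentication or web-server logs rather than WP-CLI output, so feed those into a separate check.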
Source: www.bleepingcomputer.com · Published June 3, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.