Secure Bulletin Navigating the cyber sea with knowledge
Home > Tag > CVE-2026-8206
#CVE-2026-8206

CVE-2026-8206 (CVSS 9.8): Kirki WordPress Plugin Flaw Lets Attackers Steal Admin Accounts on 500,000+ Sites

4 June 2026  |  dark6  |  Vulnerability

A critical unauthenticated privilege escalation flaw (CVE-2026-8206, CVSS 9.8) in the Kirki WordPress plugin allows attackers to redirect password reset emails and take over administrator accounts. Over 150,000...

>> read more