Vulnerabilities4 min read
WordPress Kirki Flaw Lets Attackers Hijack Admin Accounts
CVE-2026-8206 (CVSS 9.8) in the Kirki WordPress plugin enables unauthenticated account takeover via password reset manipulation. Over 500,000 sites at risk.
Marcus ChenJun 5, 2026