Admin Access Wipeout: Burst Statistics Plugin Flaw Exposes WordPress to Takeover

TL;DR Summary
A critical vulnerability in the Burst Statistics WordPress plugin (versions 3.4.0–3.4.1.1, CVE-2026-8181) allows unauthenticated attackers to bypass authentication and impersonate an administrator via crafted REST API requests, potentially creating a new admin account and taking over a site. Discovered May 8, 2026 by Wordfence's PRISM, it was patched in version 3.4.2 on May 12, 2026. The flaw stems from improper handling of authentication in the MainWP integration, which makes it exploitable across REST endpoints. Admins should immediately update to 3.4.2 or later, audit user accounts, and monitor logs to detect compromise.
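The two follow-up checks the summary recommends, a vulnerable-version test for the reported range and an audit of administrator accounts registered after the disclosure date, as an added example (not code from the article or from the plugin). The user records are constructed sample data shaped like a WP-CLI user export, and the cut-off dates are the ones stated above.

```python
from datetime import datetime, timezone

# Affected range reported for Burst Statistics (CVE-2026-8181): 3.4.0 through 3.4.1.1, fixed in 3.4.2.
FIRST_VULNERABLE = (3, 4, 0)
FIXED_IN = (3, 4, 2)
# Discovery date of the flaw; administrator accounts created on or after it deserve a second look.
DISCLOSURE_DATE = datetime(2026, 5, 8, tzinfo=timezone.utc)

# Constructed sample records (not real users); "roles" is a comma-separated string as WP-CLI prints it.
SAMPLE_USERS = [
    {"user_login": "editor_jane", "user_registered": "2025-11-02 09:14:33", "roles": "editor"},
    {"user_login": "siteowner", "user_registered": "2024-03-15 12:00:00", "roles": "administrator"},
    {"user_login": "wp_support", "user_registered": "2026-05-10 03:41:07", "roles": "administrator"},
]


def parse_version(version: str) -> tuple:
    """Turn '3.4.1.1' into (3, 4, 1, 1); a non-numeric component counts as 0."""
    parts = []
    for piece in version.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(version: str) -> bool:
    """True when the installed plugin version lies in the affected range [3.4.0, 3.4.2)."""
    return FIRST_VULNERABLE <= parse_version(version) < FIXED_IN


def suspicious_admins(users: list, since: datetime = DISCLOSURE_DATE) -> list:
    """Logins of administrator accounts registered on or after `since` (UTC assumed)."""
    flagged = []
    for user in users:
        registered = datetime.fromisoformat(user["user_registered"]).replace(tzinfo=timezone.utc)
        if "administrator" in user["roles"].split(",") and registered >= since:
            flagged.append(user["user_login"])
    return flagged


if __name__ == "__main__":
    for v in ("3.3.9", "3.4.0", "3.4.1.1", "3.4.2"):
        print(f"Burst Statistics {v}: {'VULNERABLE' if is_vulnerable(v) else 'not affected'}")
    print("Admin accounts created since disclosure:", suspicious_admins(SAMPLE_USERS))
```

Feed `suspicious_admins` the output of `wp user list --role=administrator --fields=user_login,user_registered,roles --format=json` on a real site; any login it flags that nobody on the team created should be treated as a takeover indicator.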
Topics: technology, authentication-bypass, burst-statistics, cve-2026-8181, cybersecurity, vulnerability, wordpress
- Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks (CyberSecurityNews)
- Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin (BleepingComputer)
- 1 Million WordPress Websites Exposed by Avada Builder Security Vulnerabilities (gbhackers.com)
- Critical vulnerability in Burst Statistics plugin allows admin takeover (SC Media)
- Burst Statistics WordPress flaw under attack (Bitdefender)