Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

CVE-2026-8181 is a CVSS 9.5 authentication bypass in the Burst Statistics WordPress plugin (versions 3.4.0 and 3.4.1) that allows unauthenticated attackers to create WordPress administrator accounts and take full control of affected sites. Active mass exploitation is confirmed. Approximately 115,000 of 200,000 active installs remain unpatched as of May 14, 2026. The patch is available in version 3.4.2.

Author

Tech Jacks Solutions