On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that administrator and achieve complete site takeover. The vendor released the fully patched version on May 13th, 2026. We disclosed this vulnerability in the Wordfence Intelligence vulnerability database and in a blog post on the same day.
The post Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: