[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts-mpzid1wg":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":13,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":25,"articles":26},"cea4ffc7-8767-4162-b83b-e329cb23cda7","Critical Kirki flaw exploited to hijack WordPress admin accounts","critical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts-mpzid1wg","A critical privilege-escalation flaw in the Kirki WordPress plugin (CVE-2026-8206) lets unauthenticated attackers trigger a password reset for any user account, including administrators, through a REST API endpoint that does not properly validate the request. Wordfence reports having blocked more than 222 exploitation attempts within 24 hours, so the flaw is being exploited in the wild. Any WordPress site running Kirki version 6.0.6 or earlier should be treated as actively exposed to full administrator account takeover.","critical","advisory",[12],"CVE-2026-8206",[14,15],"Kirki - Freeform Page Builder, Website Builder & Customizer","Defiant (Wordfence)","Immediately identify all WordPress instances running the Kirki plugin and update to version 6.0.7 or later; if a site cannot be patched promptly, deactivate the plugin until it can be. Search web server and WordPress logs for POST requests to \u002Fwp-json\u002Fkirki* endpoints carrying password reset parameters, and review password reset events for resets directed to unexpected email addresses. Because the flaw grants administrator-level access, treat any site that was exposed while unpatched as potentially compromised: audit administrator accounts for unexpected additions or changed email addresses and rotate administrator credentials.",[18],"f1ffe17e-7479-48bf-8c13-cb63e5cfff01",null,[21],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcritical-kirki-flaw-exploited-to-hijack-wordpress-admin-accounts\u002F","active","2026-06-06T13:05:18.882+00:00","2026-06-04T13:05:26.81041+00:00","2026-06-04T13:08:31.533747+00:00",[27],{"id":18,"title":6,"url":21}]