Security News Critical Kirki flaw exploited to hijack WordPress admin accounts BleepingComputer Daniel Bender 02 Jun 2026 Share Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators.
