
Burst Statistics authentication bypass (CVE-2026-8181)

Vulnerability
Happening score: 20
1 unique source, 1 article

Summary


Burst Statistics on WordPress sites is facing active exploitation of CVE-2026-8181, a critical authentication bypass that can let unauthenticated attackers impersonate admins and create rogue accounts. The plugin is installed on about 200,000 sites, making the exposure broad. A fixed release, 3.4.2, is available, and defenders are being urged to update quickly.

Related Happenings

Funnel Builder plugin WordPress arbitrary JavaScript injection actively exploited security flaw

Vulnerability
First: 16.05.2026 18:20 Last: 16.05.2026 18:20 Sources 1

About this happening: **Funnel Builder** for **WordPress** is under **active exploitation** for arbitrary JavaScript injection into **WooCommerce checkout pages**, creating payment-skimming risk across...

Nginx UI auth-bypass exploitation wave (CVE-2026-33032)

Exploitation Wave
First: 16.04.2026 01:35 Last: 16.04.2026 01:35 Sources 1

About this happening: **CVE-2026-33032** is now **actively exploited**, creating immediate risk for **publicly exposed Nginx UI** instances that rely on the vulnerable **/mcp_message** endpoint. Intern...

F5 BIG-IP APM active exploitation wave (CVE-2025-53521)

Exploitation Wave
First: 02.04.2026 11:25 Last: 02.04.2026 11:25 Sources 1

About this happening: As of **2026-04-02**, ongoing attacks are exploiting **CVE-2025-53521** against **F5 BIG-IP APM** systems, leaving more than **14,000** exposed online and at risk of remote code e...

CISA KEV patch directive for CVE-2025-53521

Advisory/Mitigation
First: 30.03.2026 10:07 Last: 30.03.2026 10:07 Sources 1

About this happening: CISA added **CVE-2025-53521** to its **KEV catalog** and told **federal agencies** to patch the F5 BIG-IP flaw within **three days**. The directive is urgent because the bug is be...

React2Shell (CVE-2025-55182) mass scanning and exploitation wave

Exploitation Wave
First: 20.02.2026 23:07 Last: 20.02.2026 23:07 Sources 1

About this happening: **CVE-2025-55182 (React2Shell)** is being **actively exploited** across **React Server Components (RSC)** and **Next.js** environments, with reports now adding a **ransomware gang...

Timeline

  1. 15.05.2026 00:07 · 1 article

    CVE-2026-8181 introduced in Burst Statistics 3.4.0

    Technical Analysis Update

    Burst Statistics version 3.4.0 introduced CVE-2026-8181 on April 23, and the same vulnerable code was also present in version 3.4.1, creating an authentication-bypass condition in the WordPress plugin's REST API authentication handling.

  2. 15.05.2026 00:07 · 1 article

    Wordfence discloses CVE-2026-8181

    Initial Disclosure

    Wordfence discovered CVE-2026-8181 on May 8 and described an authentication bypass that lets an unauthenticated attacker who knows a valid administrator username impersonate that administrator during REST API requests, with the worst case allowing a rogue administrator-level account to be created.

  3. 15.05.2026 00:07 · 1 article

    Burst Statistics 3.4.2 patch for CVE-2026-8181 released

    Mitigation Patch Update

    A patched Burst Statistics release, version 3.4.2, was released on May 12, 2026, and site operators were told to upgrade or disable the plugin to remove CVE-2026-8181 exposure.

  4. 15.05.2026 00:07 · 2 articles

    Wordfence tracks active exploitation of CVE-2026-8181

    Exploitation Observed

    Wordfence's tracker showed over 7,400 blocked attacks targeting CVE-2026-8181 in the 24 hours before May 14, 2026, and the firm said malicious activity had already begun against Burst Statistics on WordPress sites.
