Critical Kirki flaw hijacks WordPress admin accounts
A critical privilege escalation flaw (CVE-2026-8206) in the Kirki WordPress plugin enables attackers to take over any user account, including admins. Exploitation permits elevation of privileges, credential access, and potential full site compromise, underscoring the need for patching and credential hardening. Act now..











