Originally published at: Critical auth bypass in Burst Statistics plugin puts 200,000 WordPress sites at risk - ToolsLib Blog
A critical auth bypass in the Burst Statistics WordPress plugin (CVE-2026-8181) could let attackers impersonate admins via the REST API. A patch is available; update now. A separate low-severity bypass in Advanced Access Manager (CVE-2026-42674) is fixed in 7.1.1.