News CVE-2026-8206: Password reset flaw in Kirki plugin could enable account takeover June 2, 2026 / June 2, 2026 by Alex Mira | Leave a Comment CVE-2026-8206 affects Kirki 6.0.0–6.0.6, allowing password reset emails to be sent to attacker-controlled addresses. Update from the WordPress directory now. Read more » Account Takeover CVE-2026-8206 Kirki Plugin security Privilege escalation vulnerability wordpress
