WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass

Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...

📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass

WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...

Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin

On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...

Exploit for CVE-2026-8181

CVE-2026-8181 Burst Statistics | Authentication Bypass to Admi...

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics Authentication Bypass Lab Lo...

Exploit for CVE-2026-8181

CVE-2026-8181 exploit Burst Statistics WordPress Plugin —...

Exploit for CVE-2026-8181

CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...

Exploit for CVE-2026-8181

EN: Controlled PoC and brief technical notes for authorized secu...

Exploit for CVE-2026-8181

CVE-2026-8181 — Burst Statistics Authentication Bypass to Admi...

WordPress Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability

Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin 3.4.0-3.4.1.1 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover vulnerability discovered by ? in WordPress Plugin Burst Statistics versions 3.4.0-3.4.1.1...

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

CVE-2026-8181

CVE-2026-8181 affects Burst Statistics – Privacy-Friendly WordPress Analytics (v3.4.0–3.4.1.1). Root cause: is_mainwp_authenticated() passes authentication when wp_authenticate_application_password() returns null outside the REST API, because the code only checks for WP_Error. This allows an unau...

CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

CVE-2026-8181 Burst Statistics 3.4.0 - 3.4.1.1 - Authentication Bypass to Admin Account Takeover

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

PT-2026-40880

Name of the Vulnerable Software and Affected Versions Burst Statistics versions 3.4.0 through 3.4.1.1 Description An authentication bypass exists in the Burst Statistics plugin for WordPress due to incorrect return-value handling in the is mainwp authenticated function when validating application...

WordPress plugin Burst Statistics – Privacy-Friendly WordPress Analytics 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

VulnCheck KEV: CVE-2026-8181

The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...

200,000 WordPress Sites at Risk from Critical Authentication Bypass Vulnerability in Burst Statistics Plugin

On May 8, 2026, PRISM, Wordfence Threat Intelligence’s autonomous vulnerability research platform, discovered a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with more than 200,000 active installations. The vulnerability was introduced in the code on April 2...