1 article
Threat actors are actively exploiting an authentication bypass vulnerability in the Burst Statistics WordPress analytics plugin, allowing unauthenticated attackers to gain administrative access to any WordPress site with the plugin installed. Over 100,000 WordPress sites use Burst Statistics. Sites have been observed being defaced, backdoored, and redirected to malicious domains within hours of exploitation.