Attackers actively exploit an authentication bypass vulnerability in the Burst Statistics WordPress plugin to gain administrator privileges on compromised websites. The flaw allows unauthenticated threat actors to escalate their access without valid credentials, providing a direct path to website takeover.

Burst Statistics is a popular analytics plugin installed on thousands of WordPress sites. The authentication bypass vulnerability lets attackers sidestep the plugin's authentication checks and perform administrative actions. Once inside, threat actors can install backdoors, inject malicious code, steal data, or redirect traffic to phishing sites.

WordPress plugin vulnerabilities remain a preferred attack vector because WordPress powers approximately 43 percent of all websites globally. Many site owners delay security patches or run outdated plugin versions, creating windows of opportunity for exploitation. The Burst Statistics vulnerability particularly threatens small and medium-sized businesses that may lack dedicated security teams to monitor and deploy fixes quickly.

Organizations running Burst Statistics should update immediately to a patched version. Site administrators should check their WordPress dashboard for unauthorized user accounts or suspicious plugin installations. Enabling Web Application Firewall rules that block suspicious requests to the vulnerable plugin endpoints provides temporary protection during the patching window.

The attack chain typically begins with automated scanning for vulnerable Burst Statistics installations. Once identified, attackers execute the bypass to create rogue admin accounts or directly modify site content. Some campaigns chain this vulnerability with malware distribution, turning compromised sites into distribution nodes for further attacks.

WordPress administrators should enforce strong authentication practices across all user accounts and implement two-factor authentication where available. Regular plugin audits help identify outdated or abandoned plugins that pose additional security risks. Security scanning tools can detect unauthorized administrative access or suspicious database modifications indicative of successful exploitation.
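The account review recommended above (checking for rogue administrator accounts after a suspected bypass) can be scripted instead of eyeballed in the dashboard. The following is an added example, not code from the article or from the Burst Statistics project: it audits a CSV export of administrator accounts against an allowlist, an organisation mail domain and a cutoff date. The CSV layout matches what `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv` produces; the accounts, allowlist, domain and cutoff are all constructed placeholders.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the shape produced by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv
# The accounts below are hypothetical, not taken from any real site.
SAMPLE_ADMIN_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-04 10:12:00
7,editor_jane,jane@example.com,2022-08-19 09:00:00
42,wp_support,support-mail@random-host.invalid,2024-11-02 03:17:45
"""

KNOWN_ADMINS = {"siteowner", "editor_jane"}  # assumed allowlist, kept out of band
ORG_DOMAIN = "example.com"                  # assumed organisation mail domain


def audit_admins(csv_text, known_admins, org_domain, since):
    """Return (ID, login, reasons) for each administrator that looks unexpected.

    since: 'YYYY-MM-DD'; accounts registered on or after it are flagged as recent,
    so set it to the earliest date the site could have been exposed.
    """
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if row["user_login"] not in known_admins:
            reasons.append("not on admin allowlist")
        if not row["user_email"].lower().endswith("@" + org_domain):
            reasons.append("email outside org domain")
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            reasons.append("registered after cutoff")
        if reasons:
            findings.append((int(row["ID"]), row["user_login"], reasons))
    return findings


if __name__ == "__main__":
    # Placeholder cutoff; use the date the vulnerable version was first installed.
    for uid, login, reasons in audit_admins(SAMPLE_ADMIN_CSV, KNOWN_ADMINS,
                                            ORG_DOMAIN, "2024-10-01"):
        print(f"user {uid} ({login}): {', '.join(reasons)}")
```

Any account that trips the allowlist check should be treated as a potential indicator of the exploitation described above and investigated rather than silently deleted, since the attacker may also have modified plugin files or database content.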

The Burst Statistics case underscores why maintaining current plugin versions represents a critical baseline security practice. Delaying patches extends the window where attackers can compromise websites at scale.