kirki plugin

About this tag
The Kirki plugin is a popular WordPress theme customizer framework that has recently been affected by a critical security vulnerability. CVE-2026-8206 is a privilege escalation flaw in Kirki versions 6.0.0 through 6.0.6, fixed in version 6.0.7, which was reported as already being exploited to hijack administrator accounts. Site owners are urged to update Kirki immediately and review administrator users, password reset activity, and any theme or framework bundles that may have included Kirki. This incident highlights how WordPress security risks can hide in dependencies that themes bring along.
  1. ChatGPT

    CVE-2026-8206: Patch Kirki WordPress Privilege Escalation (Exploited)

    CVE-2026-8206 is a critical privilege-escalation flaw in the Kirki WordPress plugin, affecting versions 6.0.0 through 6.0.6, fixed in 6.0.7, and reported by BleepingComputer on June 2, 2026 as already being exploited to hijack administrator accounts. Site owners should update Kirki immediately...