WordPress plugin and theme vulnerabilities reported May 14-20, 2026, include AI Engine privilege escalation and Burst Statistics authentication bypass

WordPress plugins and themes had 13 vulnerabilities reported between May 14-20, 2026, with AI Engine and Burst Statistics posing risks of privilege escalation and authentication bypass. Key issues include unauthorized access to form data via Fluent Forms and potential Google OAuth token theft from MonsterInsights, highlighting threats targeting AI and external integrations. The vulnerabilities underscore the need for comprehensive security, including managing low-privilege users and reviewing external service connections beyond simple plugin updates.