Source evidence

Clean up Post CVE-2026-8181 breach

Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) · support · 2026-05-31T11:47:00+00:00

Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative) plugin evidence original source source API

complaintsentiment

highseverity

1.0relevance

4replies

Evidence linked to opportunitycommercial context

Proof Health

Open evidence

Commercial opportunities need traceable source links before they are treated as build-worthy.

5 / 31 rows with source links

16.1% of this page's analysis has direct source links.

0 build-decision rows missing links

0 rows here require auditable proof before promotion.

26 rows with no attached evidence

0 rows have source counts but still need direct links.

Conversation

support

rlddg unresolved

Hey fellow WordPressers I’m pretty new to Web Administrating and got caught up in the admin permissions breach introduced with the Burst Statistics 3.4 update. Although I updated to the latest Burst 3.4.3, several unauthorised administration accounts exploiting the weakness remained. The 10 accounts entitled: burst_ random numbers were assigned protonmail.com email addresses. They’re deleted now. I also revoked Administration permissions Burst MainWP from my admin account. Thus far, Broken Link Check identified no broken links, which is a good sign, I think. So I believe I removed them before any damage was done. But is there anywhere else I ought to look? Anyone else cleaning up. @rlddg I’m sorry to hear you were affected. It sounds like you’re on top of things. It’s usually best to reinstall WordPress and your plugins and theme, so you can be sure it’s all fresh code. If you install WordFence you can run a scan to check for any leftover issues. This reply was modified 5 hours, 25 minutes ago by Rogier Lankhorst . Thanks, Rogier Reinstalling the theme maybe problematic as I’ve greatly modified the template. As I said, I am quite new to this. Appreciate the fast response. Rachael In that case I’d run a WordFence scan, to catch anything in the theme. Alternatively you can drop the zip in an AI tool and ask it to check for issues. Great, thanks. Working with Gemini at the moment on activity after the breach. It’s looking benign. Will run the WordFence scan afterwards. *edited to reflect current findings This reply was modified 4 hours, 9 minutes ago by rlddg .

Commercial Context

Opportunity

automation and reporting layer

Google Analytics reporting and automation assurance for turning WordPress activity into automated reporting and handoffs

Buyer: agencies, operators, and marketing teams

Wedge: verify Google Analytics tracking, report freshness, automation handoffs, and client-visible metrics

Proof Blocked card complete market

Analysis

heuristic-v1

Summary: Clean up Post CVE-2026-8181 breach: users show bugs, compatibility, support pain that may indicate a product gap.

Evidence quote: The 10 accounts entitled: burst_ random numbers were assigned protonmail.com email addresses.

Affected feature: email

bugs compatibility support setup

Plugin

API

Burst Statistics – Simple WordPress Analytics (Google Analytics Alternative)

200.0K active installs · 7.8M downloads · rating 98.0

analytics cookieless analytics google analytics statistics visitor tracking

Comments

4 shown

Rogier Lankhorst 2026-05-31T14:47:00+00:00

@rlddg I’m sorry to hear you were affected. It sounds like you’re on top of things. It’s usually best to reinstall WordPress and your plugins and theme, so you can be sure it’s all fresh code. If you install WordFence you can run a scan to check for any leftover issues. This reply was modified 5 hours, 25 minutes ago by Rogier Lankhorst .

rlddg 2026-05-31T15:01:00+00:00

Thanks, Rogier Reinstalling the theme maybe problematic as I’ve greatly modified the template. As I said, I am quite new to this. Appreciate the fast response. Rachael

Rogier Lankhorst 2026-05-31T15:10:00+00:00

In that case I’d run a WordFence scan, to catch anything in the theme. Alternatively you can drop the zip in an AI tool and ask it to check for issues.

rlddg 2026-05-31T15:47:00+00:00

Great, thanks. Working with Gemini at the moment on activity after the breach. It’s looking benign. Will run the WordFence scan afterwards. *edited to reflect current findings This reply was modified 4 hours, 9 minutes ago by rlddg .