Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

2026-06-01

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

A critical vulnerability (CVE-2026-8732, CVSS 9.8) in WP Maps Pro, a WordPress map plugin with over 15,000 sales, allows unauthenticated attackers to create administrator accounts and take control of vulnerable sites.

•The flaw affects versions prior to 6.1.1 and stems from a temporary support access feature with inadequate authentication checks
•Attackers exploit a publicly exposed nonce in frontend JavaScript to invoke the wpgmp_temp_access_support function without authorization
•The vulnerability enables creation of an admin user with a magic login URL that fully authenticates the attacker
•Version 6.1.1, released May 20, 2026, patches the issue by restricting access to authenticated administrators
•Wordfence blocked 2,858 attacks in 24 hours, confirming widespread active exploitation

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues