The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

A critical vulnerability (CVE-2026-8732, CVSS 9.8) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create admin accounts and take over sites. Wordfence blocked 2,858 ...
Hosted on MSN

Critical WP Maps Pro vulnerability exploited to create WordPress admin accounts

Researchers disclosed a critical flaw in WP Maps Pro allowing attackers to create hardcoded admin accounts Exploitation is active: Wordfence blocked over 3,600 attempts in a single day Patch released ...