Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Summary
Threat actors are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin to create unauthorized administrator accounts. This plugin, used by over 15,000 sites, allows for custom map embedding.
IFF Assessment
Active exploitation of a critical vulnerability that gives attackers administrative control of websites is a significant threat for defenders to address.
Severity
This vulnerability allows unauthorized creation of administrator accounts, so its impact is critical. The attack vector is likely unauthenticated user input, and the flaw is easily exploitable, which leads to a high CVSS score.
Defender Context
Defenders should prioritize patching or disabling the WP Maps Pro plugin immediately, as it is under active exploitation. This incident highlights the ongoing risk posed by popular WordPress plugins and the need for continuous monitoring and prompt security updates.
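To check a site for the unauthorized administrator accounts described above, the following added example (not part of the original advisory or the plugin's code) triages a WP-CLI export of administrator users. The admin baseline, the exposure-window date and every sample account are constructed assumptions.

```python
import json
from datetime import datetime

# Constructed sample, shaped like the output of:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_registered --format=json
SAMPLE_EXPORT = """[
  {"ID": 1,  "user_login": "siteowner",    "user_registered": "2021-03-14 09:12:44"},
  {"ID": 7,  "user_login": "webteam",      "user_registered": "2022-11-02 16:40:01"},
  {"ID": 52, "user_login": "wp_support",   "user_registered": "2025-06-03 02:17:09"},
  {"ID": 53, "user_login": "sysadmin2",    "user_registered": "2020-01-01 00:00:00"},
  {"ID": 54, "user_login": "backup_admin", "user_registered": "0000-00-00 00:00:00"}
]"""

# Assumptions: the admins you expect, and when the vulnerable plugin was exposed.
KNOWN_ADMINS = {"siteowner", "webteam"}
WINDOW_START = datetime(2025, 6, 1)  # placeholder date, not from the advisory


def triage_admins(export_json, known_admins, window_start):
    """Return {login: [reasons]} for administrator accounts needing review."""
    baseline = {name.lower() for name in known_admins}
    findings = {}
    for user in json.loads(export_json):
        login = str(user["user_login"])
        reasons = []
        # Strongest signal: user_registered is only a stored field and may not
        # reflect the real creation time, so check the baseline first.
        if login.lower() not in baseline:
            reasons.append("not in admin baseline")
        try:
            registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        except (ValueError, TypeError):
            registered = None
            reasons.append("invalid registration date")
        if registered is not None and registered >= window_start:
            reasons.append("registered inside exposure window")
        if reasons:
            findings[login] = reasons
    return findings


if __name__ == "__main__":
    for login, reasons in triage_admins(SAMPLE_EXPORT, KNOWN_ADMINS, WINDOW_START).items():
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

Accounts flagged only by the baseline check, such as the backdated `sysadmin2` in the sample, are the ones a date-only review would miss.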