WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
Summary
A vulnerability in the WP Maps Pro WordPress plugin, identified as CVE-2026-8732, is being exploited by unauthenticated attackers. This flaw allows attackers to create administrative accounts on vulnerable WordPress sites.
IFF Assessment
The vulnerability allows attackers to gain administrative control of WordPress sites, posing a direct threat to defenders.
Severity
Because the vulnerability grants administrative access without authentication, it is highly exposed to attack and critical in impact, leading to a near-maximum CVSS score.
Defender Context
This exploitation highlights the critical need for prompt patching of WordPress plugins, especially those with vulnerabilities that grant administrative access. Defenders should monitor their WordPress sites for unauthorized account creation and other unauthorized changes. Keeping all plugins updated is a fundamental defense against such threats.
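One way to check for unauthorized administrator accounts, as an added example that is not part of the original advisory: the script audits an administrator listing in the JSON shape produced by `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json`. The sample listing, the allowlist and the review date are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape of the WP-CLI JSON export named above.
SAMPLE_WP_CLI_JSON = """[
  {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
   "user_registered": "2021-03-14 09:12:44"},
  {"ID": 7, "user_login": "editor-ops", "user_email": "ops@example.com",
   "user_registered": "2023-11-02 16:40:05"},
  {"ID": 58, "user_login": "wp_support1", "user_email": "x91@example.net",
   "user_registered": "2026-01-19 03:27:51"}
]"""

# Hypothetical allowlist, kept outside WordPress so a site compromise cannot edit it.
APPROVED_ADMINS = {"siteowner", "editor-ops", "agency-dev"}
# Hypothetical date of the last audit that was verified clean.
LAST_REVIEW = datetime(2025, 12, 1)


def audit_admins(wp_cli_json, approved, last_review):
    """Return (unexpected, missing): admin accounts to investigate, and
    approved admins that no longer appear in the listing."""
    unexpected, seen = [], set()
    for user in json.loads(wp_cli_json):
        login = user["user_login"]
        seen.add(login)
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login not in approved:
            reasons.append("not on approved list")
        # Also catches an approved login that was deleted and re-created.
        if registered > last_review:
            reasons.append("registered after last review")
        if reasons:
            unexpected.append({"id": str(user["ID"]), "login": login,
                               "registered": user["user_registered"],
                               "reasons": reasons})
    missing = sorted(approved - seen)
    return unexpected, missing


if __name__ == "__main__":
    unexpected, missing = audit_admins(SAMPLE_WP_CLI_JSON, APPROVED_ADMINS, LAST_REVIEW)
    for u in unexpected:
        print(f"REVIEW admin id={u['id']} login={u['login']}: {', '.join(u['reasons'])}")
    for login in missing:
        print(f"REVIEW approved admin no longer listed: {login}")
```

Run on a schedule, the two result lists give a simple alert condition: any entry in either one means the administrator set has changed since the last verified review.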