SecurityThe Next Web4 days ago

CVE-2026-8732 Lets Unauthenticated Users Create Admin Accounts in WP Maps Pro

1 min read

A critical vulnerability in WP Maps Pro, tracked as CVE-2026-8732 with a CVSS score of 9.8, allows unauthenticated attackers to create administrative accounts and take over WordPress sites. The plugin, used by over 15,000 customers on Envato Market, has been actively exploited. Wordfence blocked 2,858 exploitation attempts within 24 hours. The flaw enables attackers to bypass authentication and gain full site control. WP Maps Pro includes a temporary access feature for vendor logging, which may have contributed to the vulnerability's exposure.

Level

Hype check

Tap to vote and see what everyone thinks.

#wpmapspro #wordpress #securityvulnerability

Covered by 2 sourcesThe Next Web SecurityWeek

See how this developed

Read full story

More to chew on!

Security5 days ago

Critical Windows Netlogon Vulnerability in Attackers' Crosshairs

Security3 days ago

Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation