Hackers are actively targeting WordPress sites running vulnerable WP Maps Pro versions to create rogue administrator accounts without authentication. The critical flaw, tracked as CVE-2026-8732, has been fixed in WP Maps Pro 6.1.1, and administrators should update immediately to stop ongoing exploitation attempts. #WPMapsPro #CVE20268732 #Wordfence #DavidBrown
Keypoints
- CVE-2026-8732 affects WP Maps Pro versions 6.1.0 and older.
- The flaw lets unauthenticated attackers create rogue WordPress administrator accounts.
- The bug is tied to the pluginโs โtemporary accessโ feature and weak nonce protection.
- Defiant blocked more than 3,600 exploit attempts in the last 24 hours.
- WP Maps Pro 6.1.1 was released to fix the vulnerability, and updates are urgently recommended.