WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

Threat actors are exploiting CVE-2026-8732 in the WP Maps Pro WordPress plugin to create administrator accounts and fully take over vulnerable websites. Defiant says the flaw was patched in WP Maps Pro 6.1.1 and that more than 1,700 attacks were blocked in the past 24 hours.

Key points

  • CVE-2026-8732 affects the WP Maps Pro WordPress plugin with a CVSS score of 9.8.
  • The flaw lets unauthenticated attackers create new administrator accounts.
  • The vulnerability stems from an AJAX callback protected only by a nonce check.
  • Attackers can obtain a magic login URL and access sites without a password.
  • WP Maps Pro version 6.1.1 adds a capability check to fix the issue.

Read More: https://www.securityweek.com/wp-maps-pro-vulnerability-exploited-to-take-over-wordpress-sites/