The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
SecurityWeek

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites

A vulnerability in the WP Maps Pro WordPress plugin has been exploited to create admin accounts and take over vulnerable sites.