Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
Critical Alert: A severe vulnerability (CVE-2026-8732) has been identified and requires immediate attention from security teams worldwide.
The Details
Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious administrator accounts on susceptible sites.
WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location features on WordPress sites. It is used as a store locator tool, making it easier for users to find nearby locations, view listing details, and get directions.
The vulnerability in question is CVE-2026-8732 (CVSS score: 9.8), a privilege escalation bug that allows unauthenticated attackers to create a WordPress user with administrative permissions, effectively allowing them to take control of a site.
Tracked as CVE-2026-8732 — a formally catalogued vulnerability in the National Vulnerability Database.
Why This Requires Immediate Action
This is being actively exploited — meaning attackers are already weaponising this against real targets. There is no grace window. Every hour unpatched is an hour attackers have the advantage.
What To Do Right Now
1. Verify whether your environment uses any affected components or software.
2. Check your exposure immediately — review dependency trees, running services, and remote access configurations.
3. Look up CVE-2026-8732 in the NVD for the full CVSS vector, affected versions, and vendor advisories.
4. Apply patches or mitigations immediately if you are affected. Do not wait for the next maintenance window.
5. Brief your security team and escalate to incident response if you detect any indicators related to this threat.
6. Share this alert with peers in your network — the faster the community responds, the less effective the attack becomes.
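For step 5, one indicator follows directly from the bug: an administrator account that nobody on the team created. The script below is an added example, not code from the source article or the plugin vendor; it audits the JSON output of WP-CLI's `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json`. The sample accounts, the allowlist and the review-window date are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample of the WP-CLI JSON output (not real accounts).
SAMPLE_WP_CLI_JSON = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
  "user_registered": "2023-02-11 09:14:02"},
 {"ID": 7, "user_login": "webdev", "user_email": "dev@example.test",
  "user_registered": "2026-06-03 16:40:10"},
 {"ID": 42, "user_login": "wpsupport_x", "user_email": "x@example.invalid",
  "user_registered": "2026-06-04 03:27:55"}
]"""

KNOWN_ADMINS = {"siteowner", "webdev"}  # hypothetical allowlist kept by the site owner
REVIEW_SINCE = datetime(2026, 6, 1)     # hypothetical start of the review window


def audit_admins(wp_cli_json, known_admins, review_since):
    """Return (user_login, reasons) for every administrator that needs review."""
    allow = {name.lower() for name in known_admins}
    findings = []
    for user in json.loads(wp_cli_json):
        # WordPress stores user_registered as 'YYYY-MM-DD HH:MM:SS' (UTC).
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if user["user_login"].lower() not in allow:
            reasons.append("not in allowlist")
        if registered >= review_since:
            reasons.append("created inside review window")
        if reasons:
            findings.append((user["user_login"], reasons))
    return findings


if __name__ == "__main__":
    for login, reasons in audit_admins(SAMPLE_WP_CLI_JSON, KNOWN_ADMINS, REVIEW_SINCE):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

An allowlisted account created inside the window is still flagged, since a recent creation date is worth confirming with the named owner.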
Source: https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html
Originally published at https://securitycyber.uk