CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password Tracked as CVE-2026-8732.
CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password
- CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours.
- WP Maps Pro plugin allows WordPress site owners to embed Google Maps and OpenStreetMap with markers, listings, and location search. Itβs a store locator tool. Unremarkable. The plugin is installed on over 15,000 websites, according to sale data of Envato Market. And right now, attackers are actively exploiting a critical flaw in it that lets anyone on the internet create a full administrator account on an affected site without logging in first.
Full analysis: https://securitycyber.uk
Source: https://securityaffairs.com/192977/hacking/cve-2026-8732-the-wp-maps-pro-flaw-that-lets-anyone-create-a-wordpress-admin-without-a-password.html
More at https://securitycyber.uk
Mastodon: https://infosec.exchange/@securitycyber
LinkedIn: https://www.linkedin.com/in/charlie-collins-sec
Bluesky: https://bsky.app/profile/securitycyberuk.bsky.social
Substack: https://securitycyber.substack.com
Discord: https://discord.gg/securitycyber
Recommended resources to go deeper: https://www.hackthebox.com for hands-on practice, https://portswigger.net/web-security for free web security labs, and https://academy.tcm-sec.com for structured courses.
Originally published at https://securitycyber.uk
Top comments (0)