WP Maps Pro bug exploited to create admin accounts on WordPress sites

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...
BBC

Client-side scripting using JavaScript

The client is the computer system (including tablets and mobile devices) that is running the web browser. Client-side scripts are interpreted by the browser and executed on the client system.
The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account ...

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create admin accounts on 15,000+ WordPress sites. Wordfence blocked 2,858 attacks in 24 hours.
The Hacker News

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 sales on the Envato Market, to create malicious ...