HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

WordPress plugin flaw allows admin account creation; attackers exploiting

Created at 2 Jun · 5:02 AM1 source↑ Market-relevant
IN SHORT

A critical vulnerability in the WP Maps Pro WordPress plugin, sold to over 15,000 websites, allows unauthenticated users to create administrator accounts. Attackers are actively exploiting this flaw, tracked as CVE-2026-8732 with a CVSS score of 9.8.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

15,000+WP Maps Pro plugin sales
9.8CVSS score for vulnerability

Who's Involved

WP Maps Pro
WordPress plugin with a critical vulnerability

↳ Why This Matters

A critical security flaw has been discovered in the WP Maps Pro WordPress plugin, a widely used commercial add-on. The vulnerability allows any unauthenticated user to gain administrative privileges on a website, effectively giving them full control. This poses a significant risk to the thousands of sites that use the plugin, especially since attackers are already actively exploiting the flaw.

Key facts

  • A critical vulnerability exists in the WP Maps Pro WordPress plugin.
  • The flaw allows unauthenticated users to create administrator accounts.
  • Attackers are actively exploiting the vulnerability.
  • The vulnerability is tracked as CVE-2026-8732 with a CVSS score of 9.8.
  • The plugin has been sold to over 15,000 websites.

A critical security flaw has been discovered in the WP Maps Pro WordPress plugin, a widely used commercial add-on. The vulnerability allows any unauthenticated user to gain administrative privileges on a website, effectively giving them full control. This poses a significant risk to the thousands of sites that use the plugin, especially since attackers are already actively exploiting the flaw.

Frequently asked questions

WP Maps Pro is a commercial WordPress plugin that has been sold to over 15,000 websites.

The vulnerability, tracked as CVE-2026-8732, allows unauthenticated users to create administrator accounts on WordPress sites using the plugin.

Yes, attackers are actively exploiting the flaw to gain administrative control of vulnerable websites.

The vulnerability has a CVSS score of 9.8, indicating a critical severity level.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

1 Jun · 7:08 PM
A critical flaw in the WP Maps Pro WordPress plugin, sold to over 15,000 sites, allows unauthenticated users to create admin accounts.
The Next Web via PiQSuite

Sources

T1
A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using itm.piqsuite.com

Related Stories

AssuranceAmerica Data Breach Exposes Millions of Driver's Licenses
8 Jul · 4:35 PM
Linux KVM vulnerability allows VM escape, root access
8 Jul · 7:05 PM
Thousands of routers bricked after Australian government program ends
8 Jul · 6:15 PM
Lawsuit: Grok user created 7K child sex images; xAI accused of obstructing probe
8 Jul · 8:05 PM
World Cup marred by AI-generated racist misinformation
8 Jul · 2:55 PM