Key facts
- A critical vulnerability exists in the WP Maps Pro WordPress plugin.
- The flaw allows unauthenticated users to create administrator accounts.
- Attackers are actively exploiting the vulnerability.
- The vulnerability is tracked as CVE-2026-8732 with a CVSS score of 9.8.
- The plugin has been sold to over 15,000 websites.
A critical security flaw has been discovered in the WP Maps Pro WordPress plugin, a widely used commercial add-on. The vulnerability allows any unauthenticated user to gain administrative privileges on a website, effectively giving them full control. This poses a significant risk to the thousands of sites that use the plugin, especially since attackers are already actively exploiting the flaw.