Back to advisories

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Critical privilege escalation vulnerability CVE-2026-8732 in WP Maps Pro is actively being exploited to create unauthorized administrator accounts on WordPress sites. Any unpatched installation is at immediate risk of complete site takeover. This affects all versions prior to 6.1.1.

CRITICALAdvisoryJun 02, 2026

Action required

Immediately identify and patch all WP Maps Pro installations to version 6.1.1 or later. Hunt for suspicious admin account creation events in WordPress logs on systems running vulnerable versions and review access logs for unauthenticated requests to WP Maps Pro endpoints.

Affected products

WP Maps ProWordPressWordfence

CVE IDs

Linked articles

Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Source links

https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html