#wp-maps-pro

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

A critical vulnerability in the WP Maps Pro WordPress plugin, affecting over 15,000 sites, is being actively exploited by attackers to create admin accounts. The flaw, CVE-2026-8732, has a CVSS score of 9.8.