WP Maps Pro 6.1.1 security patch for CVE-2026-8732
Security Patch Release
Summary
Hide ▲
Show ▼
WP Maps Pro 6.1.1 was released to fix CVE-2026-8732, giving WordPress administrators a patch for a flaw that enabled unauthenticated administrator-account creation. The affected range was versions 6.1.0 and older, and the update was published on May 20. Administrators should install 6.1.1 as soon as possible because malicious activity has already been observed.
Related Happenings
Gravity SMTP security patch release for CVE-2026-4020
Security Patch Release
H score16
First: 20.06.2026 12:56
Last: 20.06.2026 12:56
Sources 1
About this happening:
**Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Gravity SMTP security patch release for CVE-2026-4020
Security Patch ReleaseAbout this happening: **Gravity SMTP** released **version 2.1.5** to fix **CVE-2026-4020**, closing a **medium-severity information disclosure** flaw in the WordPress plugin. The patch addresses a bug...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch Release
H score43
First: 06.06.2026 17:09
Last: 06.06.2026 17:09
Sources 1
About this happening:
The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
Everest Forms Pro plugin patch for CVE-2026-3300
Security Patch ReleaseAbout this happening: The **Everest Forms developer** released a patch for **CVE-2026-3300** in **Everest Forms Pro** on **March 18**, closing an **unauthenticated arbitrary code execution** flaw affec...
The vendor security patch release for CVE-2026-8206
Security Patch Release
H score89
First: 03.06.2026 01:12
Last: 03.06.2026 01:12
Sources 1
About this happening:
**Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
The vendor security patch release for CVE-2026-8206
Security Patch ReleaseAbout this happening: **Kirki - Freeform Page Builder, Website Builder & Customizer** shipped **version 6.0.7** to fix **CVE-2026-8206**, a privilege-escalation flaw that could let attackers take over...
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch Release
H score45
First: 22.05.2026 11:19
Last: 22.05.2026 11:19
Sources 1
About this happening:
**TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926
Security Patch ReleaseAbout this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
H score44
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Timeline
-
31.05.2026 17:06 1 articles · 1mo ago
David Brown reports WP Maps Pro flaw to Wordfence
Initial DisclosureSecurity researcher David Brown reported CVE-2026-8732 to Wordfence on March 24 after finding that WP Maps Pro versions 6.1.0 and older allowed unauthenticated creation of WordPress administrator accounts through the plugin's temporary access feature.
Show sources
- WP Maps Pro bug exploited to create admin accounts on WordPress sites — www.bleepingcomputer.com — 31.05.2026 17:06
-
31.05.2026 17:06 1 articles · 1mo ago
Wordfence validates the exploit and notifies WP Maps Pro
Technical Analysis UpdateAfter validating the exploit, Wordfence notified WP Maps Pro on May 16 about CVE-2026-8732, which can let unauthenticated requests create a WordPress administrator account through the plugin's AJAX-based temporary access feature.
Show sources
- WP Maps Pro bug exploited to create admin accounts on WordPress sites — www.bleepingcomputer.com — 31.05.2026 17:06
-
31.05.2026 17:06 2 articles · 1mo ago
WP Maps Pro 6.1.1 fixes CVE-2026-8732
Mitigation Patch UpdateWP Maps Pro released version 6.1.1 on May 20 with a fix for CVE-2026-8732, closing the unauthenticated path that could create rogue administrator accounts on WordPress sites running versions 6.1.0 and older.
Show sources
- WP Maps Pro bug exploited to create admin accounts on WordPress sites — www.bleepingcomputer.com — 31.05.2026 17:06
- WP Maps Pro bug exploited to create admin accounts on WordPress sites — www.bleepingcomputer.com — 31.05.2026 17:06
-
31.05.2026 17:06 2 articles · 1mo ago
Defiant blocks active exploitation attempts against WP Maps Pro sites
Exploitation ObservedDefiant observed threat actors trying to exploit CVE-2026-8732 against WordPress websites running WP Maps Pro and blocked more than 3,600 attempts over the past 24 hours, indicating active abuse of the flaw to create rogue administrator accounts.
Show sources
- WP Maps Pro bug exploited to create admin accounts on WordPress sites — www.bleepingcomputer.com — 31.05.2026 17:06
- Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts — thehackernews.com — 01.06.2026 11:45