Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

WP Maps Pro 6.1.1 security patch for CVE-2026-8732

Security Patch Release
First reported
Last updated
Happening score
H score 44
1 unique sources, 1 articles

Summary

Hide ▲

WP Maps Pro 6.1.1 was released to fix CVE-2026-8732, giving WordPress administrators a patch for a flaw that enabled unauthenticated administrator-account creation. The affected range was versions 6.1.0 and older, and the update was published on May 20. Administrators should install 6.1.1 as soon as possible because malicious activity has already been observed.

Related Happenings

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
First: 22.05.2026 11:19 Last: 22.05.2026 11:19 Sources 1

About this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....

Open Happening

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Open Happening

CPanel security patch release for CVE-2026-41940

Security Patch Release
First: 29.04.2026 12:37 Last: 29.04.2026 12:37 Sources 1

About this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...

Latest development: 04.05.2026 22:14

CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.

Open Happening

Citrix security patch release for CVE-2026-3055

Security Patch Release
First: 24.03.2026 07:59 Last: 24.03.2026 07:59 Sources 1

About this happening: Citrix's **NetScaler ADC** and **NetScaler Gateway** updates close **CVE-2026-3055** and **CVE-2026-4368**, including a flaw that could leak sensitive memory from configured appli...

Open Happening

Elementor Ally 4.1.0 security patch release (CVE-2026-2313)

Security Patch Release
First: 11.03.2026 21:38 Last: 11.03.2026 21:38 Sources 1

About this happening: **Elementor** released **Ally 4.1.0** to fix **CVE-2026-2313**, a **SQL injection** flaw in the WordPress accessibility plugin that could expose **sensitive data**. The update lan...

Open Happening

Timeline

  1. 31.05.2026 17:06 1 articles · 1h ago

    David Brown reports WP Maps Pro flaw to Wordfence

    Initial Disclosure

    Security researcher David Brown reported CVE-2026-8732 to Wordfence on March 24 after finding that WP Maps Pro versions 6.1.0 and older allowed unauthenticated creation of WordPress administrator accounts through the plugin's temporary access feature.

    Show sources
    Open in new tab
  2. 31.05.2026 17:06 1 articles · 1h ago

    Wordfence validates the exploit and notifies WP Maps Pro

    Technical Analysis Update

    After validating the exploit, Wordfence notified WP Maps Pro on May 16 about CVE-2026-8732, which can let unauthenticated requests create a WordPress administrator account through the plugin's AJAX-based temporary access feature.

    Show sources
    Open in new tab
  3. 31.05.2026 17:06 2 articles · 1h ago

    WP Maps Pro 6.1.1 fixes CVE-2026-8732

    Mitigation Patch Update

    WP Maps Pro released version 6.1.1 on May 20 with a fix for CVE-2026-8732, closing the unauthenticated path that could create rogue administrator accounts on WordPress sites running versions 6.1.0 and older.

    Show sources
    Open in new tab
  4. 31.05.2026 17:06 1 articles · 1h ago

    Defiant blocks active exploitation attempts against WP Maps Pro sites

    Exploitation Observed

    Defiant observed threat actors trying to exploit CVE-2026-8732 against WordPress websites running WP Maps Pro and blocked more than 3,600 attempts over the past 24 hours, indicating active abuse of the flaw to create rogue administrator accounts.

    Show sources
    Open in new tab