
WP Maps Pro unauthenticated admin-account-creation flaw (CVE-2026-8732)

Vulnerability
H score 36
1 unique source, 1 article

Summary


WP Maps Pro versions 6.1.0 and older contain CVE-2026-8732, an unauthenticated flaw that can create rogue administrator accounts and lead to full WordPress site takeover. Defiant observed active targeting and blocked more than 3,600 attempts in 24 hours. A fix is available in WP Maps Pro 6.1.1, and site owners should update immediately.

Related Happenings

Service Finder WordPress theme active auth bypass exploitation wave (CVE-2025-5947)

Exploitation Wave
First: 08.10.2025 18:57 Last: 08.10.2025 18:57 Sources 1

About this happening: **CVE-2025-5947** is being exploited at scale against the **Service Finder WordPress theme**, with attackers using an authentication bypass to log in as administrators and take ov...

Timeline

  1. 31.05.2026 17:06 2 articles · 1h ago

    Defiant blocks more than 3,600 WP Maps Pro exploitation attempts

    Exploitation Observed

    Defiant observed threat actors targeting WordPress websites running WP Maps Pro 6.1.0 and older and blocked more than 3,600 exploitation attempts in the 24 hours before May 31, 2026.

  2. 16.05.2026 03:00 1 article · 15d ago

    Wordfence validates the WP Maps Pro exploit and notifies the vendor

    Technical Analysis Update

    After validating the exploit, Wordfence notified the WP Maps Pro vendor on May 16 about CVE-2026-8732, a critical flaw in versions 6.1.0 and older that lets unauthenticated users create administrator accounts.

  3. 24.03.2026 02:00 1 article · 2mo ago

    David Brown reports CVE-2026-8732 in WP Maps Pro to Wordfence

    Initial Disclosure

    Security researcher David Brown reported CVE-2026-8732 in the WP Maps Pro WordPress plugin to Wordfence on March 24 after identifying an unauthenticated path that could create administrator accounts on WordPress sites.
