A critical vulnerability in the WP Maps Pro WordPress plugin is being actively exploited by threat actors to create malicious administrator accounts on vulnerable sites. The plugin, which has been sold over 15,000 times on the Envato Market, allows site owners to embed customizable maps with advanced features. The flaw is being used to gain unauthorized access to sites, posing a significant risk to their security and integrity. The WP Maps Pro plugin is widely used to embed Google Maps and OpenStreetMap with markers, listings, and location features on WordPress sites [1]. This exploitation highlights the importance of keeping plugins up to date and monitoring site activity for suspicious behavior. Because threat actors are actively exploiting this flaw to create admin accounts, site owners must take immediate action to protect their sites: a compromised administrator account can lead to complete site takeover, so a prompt update or patch is crucial to prevent further exploitation.
Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts
⚡ High Priority
Why This Matters
WP Maps Pro allows site owners to embed customizable Google Maps and OpenStreetMap with markers, listings, and advanced location features on WordPress sites.
References
- The Hacker News. (2026, June 1). Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts. The Hacker News. https://thehackernews.com/2026/06/critical-wp-maps-pro-flaw-actively.html