A critical vulnerability in the WP Maps Pro plugin for WordPress is being exploited by hackers to create unauthorized administrator accounts on vulnerable sites. This bug allows attackers to bypass authentication mechanisms, granting them full control over the compromised website. The affected plugin version is being targeted by malicious actors, who can leverage this flaw to gain administrative access without requiring any login credentials. The lack of authentication requirements makes it particularly concerning, as it enables hackers to create rogue admin accounts with ease. This exploitation can lead to a range of malicious activities, including data breaches, malware distribution, and defacement of the website. The vulnerability is being actively exploited in the wild, with multiple WordPress sites already compromised [1]. This matters to security practitioners because it highlights the need for prompt patching and updating of plugins to prevent such exploits, especially for widely used platforms like WordPress.
WP Maps Pro bug exploited to create admin accounts on WordPress sites
⚡ High Priority
Why This Matters
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication.
References
- Lawrence Abrams. (2026, May 31). WP Maps Pro bug exploited to create admin accounts on WordPress sites. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/
Original Source
BleepingComputer