A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it
TL;DR
A critical vulnerability (CVE-2026-8732, CVSS 9.8) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create admin accounts and take over sites. Wordfence blocked 2,858 exploitation attempts in 24 hours, with the flaw patched in version 6.1.1.
A critical vulnerability in WP Maps Pro, a commercial WordPress plugin with more than 15,000 sales on the Envato Market, is being actively exploited by attackers to create malicious administrator accounts on vulnerable sites. The flaw, tracked as CVE-2026-8732 with a CVSS score of 9.8, allows unauthenticated users to gain full administrative control of any WordPress installation running an unpatched version of the plugin.
Wordfence, which discovered the exploitation campaign, reported blocking 2,858 attacks targeting the vulnerability in the 24 hours prior to its disclosure. The flaw affects all versions of WP Maps Pro up to and including 6.1.0 and was patched in version 6.1.1, released on 20 May 2026....
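The two checks a site owner needs after reading the above are (1) is my installed copy at or below 6.1.0, and (2) has an administrator account appeared that I did not create. The script below is an added example, not code from the article, from Wordfence or from the plugin vendor. It assumes only the standard WordPress plugin header format (the `Version:` line in a plugin's main PHP file) and the `wp_users` / `wp_usermeta` fields a site exports; the plugin header, the user list and the `allow_list` of known administrators are constructed sample data, and the cut-off date is a hypothetical choice.

```python
"""Post-disclosure triage for CVE-2026-8732 (WP Maps Pro <= 6.1.0).

Added example, not the article's or the vendor's code. Checks the installed
plugin version against the patched release and flags administrator accounts
registered in the exposure window that are not on an owner-maintained allow list.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Set, Tuple

# Fixed release named in the article; every lower version is affected.
PATCHED_VERSION = "6.1.1"

# Constructed sample of a WordPress plugin header (standard "Version:" line
# in the plugin's main PHP file). Not copied from WP Maps Pro.
SAMPLE_PLUGIN_HEADER = """<?php
/*
Plugin Name: Example Maps Plugin
Description: constructed sample header for the example
Version: 6.1.0
*/
"""

_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def read_plugin_version(header_text: str) -> str:
    """Extract the declared version string from a plugin header comment."""
    match = _VERSION_RE.search(header_text)
    if not match:
        raise ValueError("no 'Version:' line found in plugin header")
    return match.group(1)


def parse_version(version: str) -> Tuple[int, int, int]:
    """'6.1' -> (6, 1, 0). Numeric comparison matters: as strings,
    '6.10.0' < '6.9.0', which would misclassify a future release."""
    nums: List[int] = []
    for piece in version.strip().split("."):
        leading = re.match(r"\d+", piece)  # tolerate suffixes like '0-beta'
        nums.append(int(leading.group(0)) if leading else 0)
    nums += [0] * (3 - len(nums))
    return (nums[0], nums[1], nums[2])


def is_vulnerable_version(version: str) -> bool:
    """True for every version up to and including 6.1.0 (per the article)."""
    return parse_version(version) < parse_version(PATCHED_VERSION)


@dataclass
class WPUser:
    login: str           # wp_users.user_login
    role: str            # derived from wp_usermeta wp_capabilities
    registered: datetime  # wp_users.user_registered (UTC)


def suspicious_admins(users: Iterable[WPUser], since: datetime,
                      allow_list: Set[str]) -> List[str]:
    """Administrators registered on or after `since` that the owner did not
    create. Unauthenticated admin creation leaves exactly this footprint."""
    return sorted(
        u.login for u in users
        if u.role == "administrator"
        and u.registered >= since
        and u.login not in allow_list
    )


# Constructed sample export; one unexpected admin appears in the window.
SAMPLE_USERS = [
    WPUser("siteowner", "administrator", datetime(2024, 1, 10)),
    WPUser("editor_jane", "editor", datetime(2026, 5, 22)),
    WPUser("wpadmin_8x2", "administrator", datetime(2026, 5, 21)),
    WPUser("backup_svc", "administrator", datetime(2025, 11, 3)),
]
KNOWN_ADMINS = {"siteowner", "backup_svc"}  # hypothetical allow list
EXPOSURE_START = datetime(2026, 5, 1)        # hypothetical cut-off


def triage_sample() -> List[str]:
    """Run the account audit over the constructed sample."""
    return suspicious_admins(SAMPLE_USERS, EXPOSURE_START, KNOWN_ADMINS)


if __name__ == "__main__":
    installed = read_plugin_version(SAMPLE_PLUGIN_HEADER)
    state = "VULNERABLE" if is_vulnerable_version(installed) else "patched"
    print(f"installed {installed}: {state} (fixed in {PATCHED_VERSION})")
    for login in triage_sample():
        print(f"review/disable unexpected administrator: {login}")
```

On a real site the header comes from the plugin's main file under `wp-content/plugins/`, and the user rows from a `wp_users` join on `wp_usermeta` (`meta_key = 'wp_capabilities'`); an account flagged here should be disabled and its creation time correlated with web-server logs, since the article reports exploitation was already under way before the patch date.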
Copyright of this story solely belongs to thenextweb.com.