WP Maps Pro plugin flaw used to create admin accounts on WordPress sites saw 3,600 exploitation attempts in a single day
- Researchers disclosed a critical flaw in WP Maps Pro allowing attackers to create hardcoded admin accounts
- Exploitation is active: Wordfence blocked over 3,600 attempts in a single day
- Patch released May 20 (v6.1.1); users must upgrade immediately
Criminals are actively exploiting a critical vulnerability in a popular WordPress plugin to create admin accounts and thereby take over entire websites. This is according to multiple security researchers, including David Brown, who first disclosed the flaw, and Defiant, which confirmed in-the-wild exploitation attempts.
The plugin in question, WP Maps Pro, is a premium WordPress plugin used to create customizable maps, interactive store locators, and similar features using either Google Maps or OpenStreetMap. It is currently used on more than 15,000 websites, according to Envato Market figures.
As per Brown’s research, the plugin suffered from a “privilege escalation via administrator account creation” vulnerability which allowed threat actors to create a...
Copyright of this story solely belongs to techradar.com.