The Point: A critical vulnerability in WP Maps Pro is being actively exploited to create admin accounts on WordPress websites and take them over.
Attackers are exploiting a critical security flaw in the WordPress plugin WP Maps Pro to illegally create administrator accounts on affected websites. The plugin has been sold over 15,000 times on the Envato Market.
WP Maps Pro is a WordPress plugin for integrating customizable Google Maps and OpenStreetMap functionality with markers, listings, and advanced location features. The current campaign aims to compromise affected websites by creating admin accounts.
For CISOs and IT security officers, such vulnerabilities in widely distributed plugins are critical because they endanger websites deployed in enterprise environments. Active exploitation suggests opportunistic or targeted attacks that can lead to data access, malware distribution, or website takeover.
Immediate measures: Identify every installation of WP Maps Pro in your infrastructure inventory and verify its version, promptly update to a patched version, and audit admin accounts for suspicious new entries. Additionally, Web Application Firewalls (WAF) and intrusion detection systems should be configured to monitor for exploit attempts against the plugin.
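One way to run the admin-account audit, as an added example that is not part of the original report: the script checks a WP-CLI administrator export against an approved list and a review window. The account names, the review date and the sample export are constructed assumptions; replace them with your own baseline.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like the JSON printed by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_EXPORT = """[
 {"ID": 1,  "user_login": "siteowner",   "user_email": "owner@example.com", "user_registered": "2021-03-14 09:12:44"},
 {"ID": 7,  "user_login": "webteam",     "user_email": "web@example.com",   "user_registered": "2023-11-02 15:30:01"},
 {"ID": 42, "user_login": "wp_support1", "user_email": "x@example.net",     "user_registered": "2026-05-30 03:17:09"},
 {"ID": 43, "user_login": "sysbackup",   "user_email": "y@example.net",     "user_registered": "0000-00-00 00:00:00"}
]"""

# Assumptions: your known-good administrators and the start of the review window.
APPROVED_ADMINS = {"siteowner", "webteam"}
REVIEW_SINCE = datetime(2026, 5, 1, tzinfo=timezone.utc)

def parse_registered(value):
    # WordPress stores user_registered as a UTC "YYYY-MM-DD HH:MM:SS" string.
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def audit_admins(export_json, approved, since):
    """Return one finding per administrator that needs manual review."""
    findings = []
    for user in json.loads(export_json):
        reasons = []
        login = user.get("user_login", "")
        # The allowlist check still fires if the registration date was tampered with.
        if login.lower() not in approved:
            reasons.append("not on approved admin list")
        try:
            if parse_registered(user["user_registered"]) >= since:
                reasons.append("registered inside review window")
        except (KeyError, ValueError):
            # Rows written outside the normal signup path may carry a zero date.
            reasons.append("missing or invalid registration date")
        if reasons:
            findings.append({"id": int(user["ID"]), "login": login, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_EXPORT, APPROVED_ADMINS, REVIEW_SINCE):
        print(f"REVIEW id={finding['id']} login={finding['login']}: "
              + "; ".join(finding["reasons"]))
```

Run it per site against a fresh export and treat every finding as a lead to verify with the site owner before removing the account.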
Source: thehackernews.com · Published 1 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.8.