Exploiting a Critical Flaw
Hackers are targeting WordPress websites with a vulnerable version of the WP Maps Pro plugin, creating rogue admin accounts without authentication. The attacks began after a critical vulnerability was discovered. The vulnerability is tracked as CVE-2026-8732.
The WP Maps Pro plugin vulnerability allows attackers to create new administrator accounts, giving them full control over the compromised site. This is done without requiring any authentication, making it easy for hackers to gain access. The vulnerability has a critical severity rating, indicating a high level of risk.
The attackers exploit the vulnerability by sending a crafted request to the vulnerable plugin, allowing them to create a new admin account. This account can then be used to take control of the site, potentially leading to malicious activities such as data theft or malware distribution.
Can Vulnerable Sites Be Saved?
Site administrators can mitigate the vulnerability by updating the WP Maps Pro plugin to a patched version. However, sites that have already been compromised may need to take additional steps to remove malicious accounts and restore security.
The consequences of these attacks can be severe, with compromised sites potentially being used for malicious activities. Site administrators must take immediate action to update their plugins and prevent further attacks.
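One way to find the accounts that need removing is to review every administrator against a list of known-good logins and the period during which the vulnerable plugin was reachable. The script below is an added example, not code from the plugin vendor or from this article; it parses the CSV that WP-CLI's `wp user list` prints, and the sample rows, the allowlist and the exposure start date are constructed placeholders to replace with your own values.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the shape produced by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,editor_anna,anna@example.com,2023-11-02 16:40:01
42,wpsvc_admin,x9@example.net,2026-01-01 03:17:55
43,siteowner2,owner@example.com,0000-00-00 00:00:00
"""


def audit_admins(csv_text, known_admins, exposure_start):
    """Return (row, reasons) for every administrator that needs review.

    known_admins   -- logins the site owner has confirmed as legitimate
    exposure_start -- assumed datetime from which the vulnerable plugin
                      version was installed and reachable (placeholder)
    """
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if row["user_login"].lower() not in known:
            reasons.append("not in known-admin allowlist")
        try:
            registered = datetime.strptime(row["user_registered"],
                                           "%Y-%m-%d %H:%M:%S")
        except ValueError:
            # Zeroed or malformed dates are themselves worth a look.
            reasons.append("unparseable registration date")
            registered = None
        if registered and registered >= exposure_start:
            reasons.append("registered inside exposure window")
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    start = datetime(2025, 12, 15)  # placeholder, not a date from the article
    for row, reasons in audit_admins(SAMPLE_CSV, ["siteowner", "editor_anna"], start):
        print(row["ID"], row["user_login"], row["user_registered"], "; ".join(reasons))
```

Treat the output as a review list rather than a deletion list: a legitimate administrator added during the window is flagged too, and the allowlist check is what catches an account whose registration date falls outside it.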
Frequently Asked Questions
What is the CVE-2026-8732 vulnerability? The CVE-2026-8732 vulnerability is a critical flaw in the WP Maps Pro plugin that allows attackers to create rogue admin accounts without authentication.
How can I protect my WordPress site? Update the WP Maps Pro plugin to a patched version to prevent exploitation.
What should I do if my site is compromised? Remove malicious accounts, restore security, and update all plugins to the latest version.