WP Maps Pro plugin flaw to create admin accounts on WordPress sites saw 3,600 attempts in a single day

TECH

WP Maps Pro plugin flaw to create admin accounts on WordPress sites saw 3,600 attempts in a single day | Daily Reports Online

ByDaily Report June 1, 2026

Share

Researchers disclosed a critical flaw in WP Maps Pro allowing attackers to create hardcoded admin accounts
Exploitation is active: Wordfence blocked over 3,600 attempts in a single day
Patch released May 20 (v6.1.1); users must upgrade immediately

Criminals are actively exploiting a critical vulnerability in a popular WordPress plugin to create admin accounts and thus take over entire websites. This is according to multiple security researchers including David Brown (who first disclosed the flaw), and Defiant, who confirmed in-the-wild exploitation attempts.

The plugin in question is called WP Maps Pro, it is a premium WordPress plugin used to create customizable maps, interactive store locators, and similar, using either Google Maps or OpenStreetMap. The plugin is currently used by more than 15,000 websites, according to Envato Market numbers.

As per Brown’s research, the plugin suffered from a “privilege escalation via administrator account creation” vulnerability which allowed threat actors to create a new WordPress user with a hardcoded admin role. The vulnerability is now tracked as CVE-2026-8732, and carries a severity score of 9.8/10 (critical). It was found in versions 6.1.0 and older.

Latest Videos From

Applying a fix

Defiant, the cybersecurity company behind Wordfence, said its researchers observed and stopped more than 3,600 exploitation attempts in just one day.

“When the request is made with a check_temp parameter set to false, the function creates a new WordPress user via wp_insert_user() with the hardcoded role of administrator, a randomly generated username, and the hardcoded email address [email protected],” the researchers said. “The function then generates a “magic login URL” using generate_login_link(), stores it as user meta, and returns it in the response body.”

See also Razer Phantom Collection with Chroma RGB, Dynamic Lighting Support Launched in India: Check Price, Features | Daily Reports Online

The fix was released four days after initial disclosure, on May 20. Users are advised to upgrade to version 6.1.1 as soon as possible to avoid being targeted.

With WordPress powering much of today’s internet, it is also one of the most targeted platforms in existence. Its vast ecosystem of plugins and themes, both free and premium, are constantly being abused in attacks such as this one.

Via BleepingComputer

Best antivirus software header

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

TECH
Google says it is ‘proud’ to serve the Pentagon – new DoD contract expansion says Gemini will only be used for ‘any lawful purpose’, but what happened to ‘Don’t Be Evil’? | Daily Reports Online
ByDaily Report April 30, 2026
Share
Share Google is edging into the military/government market New Pentagon contract allows Gemini use for ‘any lawful purpose’ Google employees are not happy with the new contract Google recently expanded its contract with the US Department of Defense (DoD) to provide Gemini for use in classified operations, or for “any lawful purpose”, and has also…
Read More Google says it is ‘proud’ to serve the Pentagon – new DoD contract expansion says Gemini will only be used for ‘any lawful purpose’, but what happened to ‘Don’t Be Evil’? | Daily Reports Online
TECH
Samsung Galaxy S26 Series Tipped to Use Silicon-Carbon Batteries | Daily Reports Online
ByDaily Report January 18, 2025
Share
Share Samsung Galaxy S25 series is expected to be unveiled on January 22. The lineup will likely include a base, a Plus and an Ultra variant, which are said to succeed the Galaxy S24, Galaxy S24+ and Galaxy S24 Ultra handsets, respectively. Even before the Galaxy S25 series hits the market, Samsung’s next range of Galaxy…
Read More Samsung Galaxy S26 Series Tipped to Use Silicon-Carbon Batteries | Daily Reports Online
TECH
Solar Orbiter Captures First-Ever Close-Up of Sun’s South Pole, Revealing Magnetic Field Chaos | Daily Reports Online
ByDaily Report June 12, 2025
Share
Share The European Space Agency has released an image showing the south pole of the Sun. This image was taken on March 23, 2025, but was revealed yesterday on June 11, 2025. These new images from the Solar Orbiter spacecraft show a view of the Sun that has never been recorded before. Solar Orbiter spent…
Read More Solar Orbiter Captures First-Ever Close-Up of Sun’s South Pole, Revealing Magnetic Field Chaos | Daily Reports Online
TECH
Vivo V50 Review: Fancy Design Backed by Big Battery Life | Daily Reports Online
ByDaily Report February 25, 2025
Share
Share Vivo, a brand known mainly for its mid-premium segment smartphones, is seeing increasing competition with every passing year. While it was difficult to find features such as a good camera and battery life in this segment a few years ago, the competition has now caught up. Xiaomi’s Redmi Note 14 Pro+ (which was earlier…
Read More Vivo V50 Review: Fancy Design Backed by Big Battery Life | Daily Reports Online
TECH
The 4 turntables they really want on Graduation Day — or for their new apartment — as picked by an audio editor | Daily Reports Online
ByDaily Report June 21, 2026
Share
Share It’s a huge day. That second you become fully aware that your studying days and nights are finally behind you is one of life’s pivotal moments. You only really know it happened because someone tied a ribbon around your results, handed you a robe, and took your photo holding the scroll. But you did…
Read More The 4 turntables they really want on Graduation Day — or for their new apartment — as picked by an audio editor | Daily Reports Online
TECH
Google Keep for Android Rolls Out AI-Powered Feature That Can Generate Lists for You | Daily Reports Online
ByDaily Report August 23, 2024
Share
Share Google Keep for Android is getting a feature that helps generate lists using artificial intelligence (AI). The feature, dubbed “Help me create a list”, is rolling to users of the Android version of the app, enabling them to generate a list based on their requirements, such as packing essentials for a camping trip, shopping…
Read More Google Keep for Android Rolls Out AI-Powered Feature That Can Generate Lists for You | Daily Reports Online