CVE-2026-8732 | flippercode WP Maps Pro Plugin up to 6.0.4 on WordPress Javascript Object wpgmp_temp_access_ajax nonce missing authentication (EUVD-2026-33251)

The WP Maps Pro WordPress plugin (versions up to and including 6.1.0) contains a critical missing-authentication vulnerability (CVE-2026-8732) in the wpgmp_temp_access_ajax AJAX action that can be triggered remotely to unconditionally create an administrator account and obtain a login URL, enabling complete site takeover; disclosed by Wordfence/David Brown with CVSS metadata around 8.4, technical details are known but no public exploit is available.