Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

A critical privilege-escalation vulnerability (CVE-2026-8732, CVSS 9.8) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create administrator accounts and achieve full site takeover; the plugin was patched in version 6.1.1, but Wordfence reported active exploitation and blocked 2,858 attacks in 24 hours, so immediate patching is advised.