Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical WP Maps Pro Flaw Endangers WordPress Sites

Critical WP Maps Pro Flaw Endangers WordPress Sites

Posted on June 1, 2026 By CWS

A severe vulnerability has been identified in the WP Maps Pro WordPress plugin, posing significant risks to website security. Security firm Defiant warns that this flaw is being actively exploited by malicious actors to hijack websites.

Understanding the WP Maps Pro Plugin

The WP Maps Pro plugin is widely used by site administrators to incorporate Google Maps into their sites, offering advanced customization with location markers and categories. However, a critical flaw, identified as CVE-2026-8732 with a CVSS score of 9.8, is currently being exploited.

This vulnerability allows unauthorized individuals to establish new administrative accounts on compromised sites, effectively taking control of them. The flaw stems from a temporary access feature designed to assist the vendor in troubleshooting, which inadvertently opens a backdoor for attackers.

Exploit Mechanics and Vulnerability Details

The vulnerability is found within a callback AJAX function responsible for generating temporary access, safeguarded only by a nonce check. This nonce is embedded on every frontend page, making it accessible to any visitor, thus rendering the security measure ineffective.

Furthermore, the plugin lacks proper capability checks, enabling attackers to invoke the AJAX action with a specific parameter set to bypass restrictions, creating an admin-level user with a predefined email and random username. This process also generates a magic login URL, allowing attackers to access the site without a password.

Consequences and Mitigation Efforts

Once an attacker gains admin-level access, they can install harmful plugins, alter themes, introduce backdoors, and extract sensitive data, as explained by Defiant. This vulnerability was patched in WP Maps Pro version 6.1.1, which includes a capability check to limit access to authorized administrators.

Defiant has reported blocking over 1,700 attacks targeting this vulnerability within a single day. Website administrators are strongly advised to update their plugins to the latest version to safeguard against these exploits.

In related news, other WordPress plugins, such as LiteSpeed cPanel and Post SMTP, have also faced security challenges, emphasizing the need for regular updates and vigilance in website security practices.

Security Week News Tags:administrator account, AJAX function, CVE-2026-8732, cybersecurity threat, Defiant, nonce issue, plugin vulnerability, security patch, site takeover, WordPress security, WP Maps Pro

Post navigation

Previous Post: Miasma Attack Targets Red Hat npm Packages with Worm
Next Post: Magento Cache Plugin Flaw Enables Remote Code Attacks

Related Posts

Microsoft Unveils Security Enhancements for Identity, Defense, Compliance Microsoft Unveils Security Enhancements for Identity, Defense, Compliance Security Week News
Four Arrested in UK Over M&S, Co-op Cyberattacks Four Arrested in UK Over M&S, Co-op Cyberattacks Security Week News
Cisco Reports 2026’s Seventh SD-WAN Zero-Day Flaw Cisco Reports 2026’s Seventh SD-WAN Zero-Day Flaw Security Week News
Inti De Ceukelaire: Crafting Ethical Hacks Inti De Ceukelaire: Crafting Ethical Hacks Security Week News
TikTok Finalizes a Deal to Form a New American Entity TikTok Finalizes a Deal to Form a New American Entity Security Week News
UK Unveils Cybersecurity Strategy with AI Defense Initiative UK Unveils Cybersecurity Strategy with AI Defense Initiative Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Coca-Cola Halts Fairlife Production Following Cyber Attack
  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Coca-Cola Halts Fairlife Production Following Cyber Attack
  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark