Critical WP Maps Pro Flaw Exploited

TL;DR: A critical vulnerability in the WP Maps Pro WordPress plugin is being actively exploited by attackers. The flaw allows unauthorized users to create new administrator accounts, granting them full control over affected websites. The plugin has over 15,000 sales, indicating a significant number of potentially vulnerable sites.
Key facts
- Category: Cybersecurity
- Impact: Critical
- Published:
- Source: The Hacker News
Full summary
A critical, actively exploited flaw in the popular WP Maps Pro plugin allows attackers to create admin accounts and take over WordPress sites.
A critical security vulnerability in the popular WP Maps Pro WordPress plugin is being actively exploited by attackers. The flaw allows unauthorized individuals to create new administrator accounts on websites using the plugin, granting them complete control. This type of vulnerability is particularly dangerous as it provides a direct path for a full site takeover without needing to steal existing credentials. WP Maps Pro, a premium plugin with over 15,000 sales on the Envato Market, is used by businesses to embed customizable maps with advanced location features, making its user base widespread.
The immediate impact for affected site owners is severe. Once an attacker creates a rogue admin account, they can modify content, install malicious code, steal sensitive user data, or use the website's reputation to launch phishing attacks. This poses a significant risk not only to the business's operations and data integrity but also to its customers and brand reputation. Given that the vulnerability is under active exploitation, the threat is not theoretical but an ongoing campaign. All websites running a vulnerable version of the WP Maps Pro plugin are at high risk.
Why it matters
This actively exploited flaw gives attackers a simple way to gain full administrative control over thousands of WordPress sites, leading to potential data theft and site defacement.
Business impact
A compromised website can lead to significant reputational damage, customer data breaches, and financial loss from cleanup efforts and lost business.
⚡ Action needed
An immediate update to the latest version of the WP Maps Pro plugin is required to patch this critical vulnerability. All site administrators should also check for unauthorized user accounts.
Action checklist
1. Immediately update the WP Maps Pro plugin to the latest patched version.
2. Audit all user accounts on your WordPress site for any unauthorized admin accounts.
3. Remove any suspicious or unrecognized user accounts found.
4. Run a security scan to check for backdoors or malware.
5. Review site logs for signs of suspicious activity or unauthorized access.
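One way to carry out the account audit in steps 2 and 3, as an added example that is not from the Notifire page or The Hacker News article: the query below lists every account holding the administrator role and flags those missing from an allowlist of logins the site owner recognises. It assumes the default `wp_` table prefix and runs here against constructed sample rows in SQLite; the same query can be run against the site's live MySQL database.

```python
import sqlite3

# Schema mirrors the two WordPress core tables the audit needs. The default
# table prefix "wp_" is assumed; check $table_prefix in wp-config.php.
SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                       user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                          meta_key TEXT, meta_value TEXT);
"""
# Constructed sample rows, not from any real site. WordPress keeps roles as a
# PHP-serialized array under the "<prefix>capabilities" meta key.
ADMIN_CAPS = 'a:1:{s:13:"administrator";b:1;}'
SAMPLE_USERS = [
    (1, "siteowner", "owner@example.com", "2021-03-02 10:00:00"),
    (2, "editor_jane", "jane@example.com", "2022-07-19 08:15:00"),
    (3, "wpsupport", "sup@mail.invalid", "2024-05-30 03:12:44"),
    (4, "reader42", "r42@example.com", "2024-05-31 12:00:00"),
]
SAMPLE_META = [
    (1, 1, "wp_capabilities", ADMIN_CAPS),
    (2, 2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, 3, "wp_capabilities", ADMIN_CAPS),
    (4, 4, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
]
# The same query works against the live MySQL database: every account holding
# the administrator role, newest first, so an unfamiliar login stands out.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC
"""

def load_sample_db():
    """Build an in-memory SQLite copy of the two tables from the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?,?,?,?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?,?,?,?)", SAMPLE_META)
    return conn

def unexpected_admins(conn, known_admins):
    """Admin accounts whose login is not on the owner's allowlist; each row is
    (ID, user_login, user_email, user_registered)."""
    rows = conn.execute(ADMIN_QUERY).fetchall()
    return [row for row in rows if row[1] not in known_admins]
```

Calling `unexpected_admins(load_sample_db(), {"siteowner"})` on the sample data returns only the `wpsupport` account, the kind of unfamiliar administrator that should be removed and investigated in the site logs.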
Primary source: The Hacker News