PT-2026-49185 · WordPress · Wp Maps Pro
Erwan Lr · Published 2026-06-15 · Updated 2026-06-15 · CVE-2026-8935
Severity: None. No severity ratings or metrics are available.
Name of the Vulnerable Software and Affected Versions
WP MAPS PRO versions prior to 6.1.1
Description
The plugin registers an unauthenticated AJAX action that allows the creation of an administrator account. By providing a valid nonce, which is publicly available on any frontend page that enqueues the map script, an attacker can unconditionally create an admin account and receive a magic-login URL that provides interactive administrative access.
Recommendations
Update to version 6.1.1 or later.
Affected Products
Wp Maps Pro