A vulnerability in the WP Maps Pro WordPress plugin allows attackers to create administrator accounts without authentication. The exploit targets sites running affected versions of the plugin.
Security researchers have identified an active exploitation campaign targeting WordPress sites running vulnerable versions of the WP Maps Pro plugin. The flaw enables unauthenticated attackers to generate rogue administrator accounts, granting full control over compromised websites.
The vulnerability allows threat actors to bypass WordPress security mechanisms entirely. Once admin access is obtained, attackers can modify site content, install malicious plugins, steal data, or use the compromised server for further attacks.
What You Need to Know
The WP Maps Pro plugin is used to display maps and location data on WordPress sites. The plugin's popularity makes it an attractive target for large-scale exploitation campaigns.
Sites remain vulnerable until they upgrade to a patched version. Website administrators should immediately check their installed plugins and verify the version number against the plugin's official repository.
Recommended Actions
WordPress users should:
- Update WP Maps Pro to the latest version immediately
- Review administrator accounts for unauthorized entries
- Check access logs for suspicious activity
- Consider temporarily disabling the plugin if patches are unavailable
- Enable two-factor authentication on all admin accounts
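An added example (not from the original article) for the "review administrator accounts" step: the function below reads the JSON that WP-CLI's `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json` prints and flags any administrator that is missing from the site owner's own baseline list or was registered on or after a chosen date, such as the day the vulnerable plugin version was installed. The sample data, account names and dates are constructed.

```python
import json
from datetime import datetime

# Constructed sample of what `wp user list --role=administrator
#   --fields=ID,user_login,user_email,user_registered --format=json`
# might print on a site with one rogue account (hypothetical data).
SAMPLE_WP_USER_LIST = """[
  {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.org",
   "user_registered": "2021-03-04 10:22:41"},
  {"ID": 2, "user_login": "editor_jane", "user_email": "jane@example.org",
   "user_registered": "2022-07-19 08:03:12"},
  {"ID": 57, "user_login": "wp_support_admin", "user_email": "x@mail.invalid",
   "user_registered": "2025-11-02 03:14:09"}
]"""


def find_unexpected_admins(wp_user_json, known_admins, not_before):
    """Return (ID, login, reasons) for administrator accounts that are
    absent from the owner's baseline set `known_admins` or were registered
    on/after `not_before` (ISO date 'YYYY-MM-DD'), e.g. the earliest date
    the vulnerable plugin version could have been present."""
    cutoff = datetime.strptime(not_before, "%Y-%m-%d")
    findings = []
    for user in json.loads(wp_user_json):
        reasons = []
        if user["user_login"] not in known_admins:
            reasons.append("not in baseline")
        # WordPress stores user_registered as 'YYYY-MM-DD HH:MM:SS'
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            reasons.append("registered after %s" % not_before)
        if reasons:
            findings.append((user["ID"], user["user_login"], reasons))
    return findings


if __name__ == "__main__":
    baseline = {"siteowner", "editor_jane"}  # the admins the owner expects
    for uid, login, why in find_unexpected_admins(SAMPLE_WP_USER_LIST, baseline, "2025-10-01"):
        print("review user %d (%s): %s" % (uid, login, "; ".join(why)))
```

Any account it reports should be checked against your records before removal, since a legitimate admin created after the cutoff will also be flagged.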
The plugin developers have released security updates addressing the flaw. Users who cannot update immediately should deactivate the plugin until patched versions are deployed.
This incident underscores the ongoing risk posed by third-party WordPress plugins. Regular security audits, timely updates, and careful plugin selection remain essential for site security. Website owners should regularly monitor official WordPress security advisories and plugin vendor announcements for vulnerability disclosures.
India's national school exam board acknowledged vulnerabilities in its online grading system after a teenage cybersecurity researcher discovered the weaknesses. The board said it has contained the issues affecting one of the country's most critical school-leaving exams.
Security researchers have identified that Cloudflare's Turnstile CAPTCHA system collects WebGL data capable of fingerprinting devices, raising privacy concerns about the supposedly privacy-focused verification service.
A security researcher has published technical documentation on parallel reconstruction of lawful TLS wiretapping, demonstrating how encrypted traffic can be decrypted in compliance with court orders. The post has generated significant discussion in the security community.
Palo Alto Networks has confirmed that hackers are actively exploiting CVE-2026-0257, an authentication bypass vulnerability in GlobalProtect VPN, to breach corporate networks.