Alert: critical vulnerability in WP Maps Pro allows admin account theft

Published on June 01, 2026 | Translated from Spanish

A serious security flaw has been detected in the WP Maps Pro plugin for WordPress. Attackers are actively exploiting the vulnerability to create administrator accounts on websites. This allows them to take full control of the site, steal data, or redirect users to fraudulent sites. If you use this plugin, you must update or deactivate it immediately to avoid losing access to your website.


Technical details of the exploitation and available patch 🛡️

The vulnerability lies in a lack of validation in the plugin's AJAX requests, which allows an unauthenticated attacker to execute privileged functions. With a single malicious request, the attacker can create a user with the administrator role without needing any prior credentials. The developers have released a security update that fixes the flaw. Apply the patch, or deactivate the plugin until you have confirmed that the update is installed correctly.
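Because the flaw is used to create administrator accounts, patching should be followed by a review of the existing admin users. The script below is an added example, not part of the original article or the plugin's code: it reads the CSV printed by WP-CLI's `wp user list` and flags administrators registered at or after a cutoff date or missing from a list of known admins. The sample rows, the cutoff date and the known-admin list are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample of the CSV printed by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:45
7,editor_ana,ana@example.com,2023-11-02 16:40:03
42,wp_support7,support7@example.net,2026-05-30 03:17:22
43,maps_admin,x91@example.org,2026-05-30 03:17:25
"""

def audit_admins(csv_text, cutoff, known_logins):
    """Return (login, reasons) for every administrator that needs review.

    cutoff       -- datetime; accounts registered at or after it are flagged
    known_logins -- set of lowercase admin logins the site owner recognises
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        login = row["user_login"].strip()
        try:
            registered = datetime.strptime(
                row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S")
        except ValueError:
            # Zeroed or malformed dates are worth a manual look as well.
            registered = None
            reasons.append("unparseable registration date")
        if registered is not None and registered >= cutoff:
            reasons.append("registered after cutoff")
        if login.lower() not in known_logins:
            reasons.append("not in known-admin list")
        if reasons:
            findings.append((login, reasons))
    return findings

if __name__ == "__main__":
    cutoff = datetime(2026, 5, 1)        # assumption: chosen by the operator
    known = {"siteowner", "editor_ana"}  # assumption: admins you recognise
    for login, reasons in audit_admins(SAMPLE_CSV, cutoff, known):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

Any account flagged here should be checked against your own records before it is removed, and the passwords of the remaining administrators rotated.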

The plugin that gives any stranger an admin account 😱

It seems WP Maps Pro decided to do hackers a favor: open the door to your website without asking. It's like leaving the key in your house's lock with a sign that says "come right in". The worst part is that the attacker doesn't even need to be a programming genius; they just send a request and bam, they have their own WordPress dashboard. Good thing maps are so useful, right?