Critical Vulnerability in WordPress WP Maps Pro Plugin Allows Unauthorized Administrator Account Creation


295/69 Tuesday, June 2, 2026

A critical vulnerability has been identified in the WP Maps Pro plugin, a widely used WordPress extension for creating interactive maps. The vulnerability, tracked as CVE-2026-8732, has been rated Critical and affects WP Maps Pro version 6.1.0 and earlier. The flaw allows unauthenticated attackers to create rogue administrator accounts without any form of authentication, potentially leading to full website compromise and unauthorized access to sensitive information belonging to government agencies, businesses, and other organizations using the plugin.

The vulnerability originates from a Temporary Access feature that was originally designed to let the plugin developer’s support team troubleshoot customer issues. Insufficient access control validation, however, allows attackers to manipulate specific request parameters and abuse the functionality. When exploited, the plugin automatically creates a new administrator account with a randomly generated username associated with the email address support@flippercode[.]com and generates a passwordless login link. By accessing the generated link, attackers obtain full administrative privileges, allowing them to install malicious software, alter website content, steal data, or completely take over the affected website. Security researchers have already observed thousands of exploitation attempts targeting this vulnerability.

The plugin developer has acknowledged the issue and released WP Maps Pro version 6.1.1 to address CVE-2026-8732. Website administrators using WP Maps Pro should immediately update to the latest version to mitigate the risk of compromise. In addition, administrators are advised to thoroughly review all user accounts within their WordPress environments. Any unfamiliar administrator accounts, accounts with usernames beginning with fc_user_, or accounts associated with support@flippercode[.]com should be promptly disabled and removed. Organizations should also perform integrity checks on website files and configurations to identify any unauthorized modifications and ensure the overall security of their systems.
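As an added example that is not part of the advisory or of the plugin's own code, the following Python audits a WordPress user export against the indicators listed above (the fc_user_ login prefix, the vendor support e-mail address, and administrator accounts the site owner cannot account for). It assumes the export was produced with `wp user list --format=json` (field names ID, user_login, user_email, user_registered, roles are assumed), and that the operator supplies the set of expected administrator logins and, optionally, the start of the assumed exposure window; the sample records are constructed.

```python
import json

# Indicators quoted in the advisory. The e-mail appears defanged there as
# support@flippercode[.]com; it is refanged here so the comparison is exact.
ROGUE_LOGIN_PREFIX = "fc_user_"
ROGUE_EMAIL = "support@flippercode.com"

# Constructed sample in the shape of `wp user list --format=json` output
# (field names assumed: ID, user_login, user_email, user_registered, roles).
SAMPLE_USERS_JSON = """[
 {"ID": 1, "user_login": "siteadmin", "user_email": "admin@example.org",
  "user_registered": "2021-03-04 10:00:00", "roles": "administrator"},
 {"ID": 2, "user_login": "editor_jane", "user_email": "jane@example.org",
  "user_registered": "2022-07-19 08:12:00", "roles": "editor"},
 {"ID": 57, "user_login": "fc_user_4k9z2", "user_email": "support@flippercode.com",
  "user_registered": "2026-05-30 02:14:51", "roles": "administrator"},
 {"ID": 58, "user_login": "wpbackup", "user_email": "ops@example.org",
  "user_registered": "2026-05-31 03:01:10", "roles": "administrator"}
]"""


def load_wp_cli_users(text):
    """Parse the JSON emitted by `wp user list --format=json` into a list of dicts."""
    return json.loads(text)


def audit_admin_accounts(users, known_admins, since=None):
    """Return {user_login: [reasons]} for accounts matching an advisory indicator
    or holding administrator without being in `known_admins`. `since` is an
    optional "YYYY-MM-DD HH:MM:SS" string (WordPress stores user_registered in
    that format, which orders lexically) marking the start of the exposure window."""
    findings = {}
    for u in users:
        reasons = []
        login = u.get("user_login", "")
        roles = {r.strip() for r in str(u.get("roles", "")).split(",")}
        if login.startswith(ROGUE_LOGIN_PREFIX):
            reasons.append("login carries the fc_user_ prefix named in the advisory")
        if u.get("user_email", "").strip().lower() == ROGUE_EMAIL:
            reasons.append("e-mail is the vendor support address the exploit sets")
        if "administrator" in roles:
            if login not in known_admins:
                reasons.append("administrator missing from the expected admin list")
            if since is not None and u.get("user_registered", "") >= since:
                reasons.append("administrator registered inside the exposure window")
        if reasons:
            findings[login] = reasons
    return findings


if __name__ == "__main__":
    # Assumed scenario: the owner recognises only "siteadmin" as an administrator
    # and treats May 2026 onwards as the window in which the plugin was exploitable.
    users = load_wp_cli_users(SAMPLE_USERS_JSON)
    for login, reasons in audit_admin_accounts(users, {"siteadmin"}, "2026-05-01 00:00:00").items():
        print(f"{login}: {'; '.join(reasons)}")
```

Accounts flagged only for falling outside the expected admin list still need a human decision; the prefix and e-mail matches are the direct indicators from the advisory.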

Source: https://www.bleepingcomputer.com/news/security/wp-maps-pro-bug-exploited-to-create-admin-accounts-on-wordpress-sites/