A critical vulnerability in WP Maps Pro, a commercial WordPress plugin with more than 15,000 sales on the Envato Market, is being actively exploited by attackers to create malicious administrator accounts on vulnerable sites. The flaw, tracked as CVE-2026-8732 with a CVSS score of 9.8, allows unauthenticated users to gain full administrative control of any WordPress installation […]This story continues at The Next Web