Vulnerability Management

Critical vulnerability in WP Maps Pro allows rogue administrator account creation

June 1, 2026

By SC Staff

Hackers are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin, allowing them to create rogue administrator accounts without authentication. The flaw, tracked as CVE-2026-8732, affects versions 6.1.0 and older of the plugin, which is used by over 15,800 websites for creating interactive maps and store locators. This vulnerability was discovered by security researcher David Brown and has been exploited in the wild, as reported by Bleeping Computer.

The vulnerability stems from a temporary access feature intended for vendor support. Attackers can exploit an unauthenticated AJAX endpoint by sending a crafted request that bypasses nonce checks. This request triggers code to create a new WordPress user with administrator privileges, assign a random username, and use a hardcoded support email address. The plugin then generates a passwordless "magic login URL" and sends it to a remote system. Once the attacker accesses this URL, they gain full administrator access to the compromised website. This level of access allows attackers to inject backdoors, steal data, deploy malicious code, and take complete control of the site.

Security researchers have observed and blocked thousands of exploitation attempts. WP Maps Pro released version 6.1.1 on May 20 to address this critical flaw, and website administrators are strongly advised to update the plugin immediately.

Source: Bleeping Computer
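A defender-side triage for the rogue administrator behaviour described above, added here as an example (not code from the article, the plugin or its vendor). It assumes input shaped like the JSON from `wp plugin list --format=json` and `wp user list --format=json`; the plugin slug and support email are placeholders because the article gives neither, and the sample records and review window are constructed.

```python
import json
from datetime import datetime

FIXED_VERSION = (6, 1, 1)                  # per the article, 6.1.1 fixes CVE-2026-8732
PLUGIN_SLUG = "PLUGIN-SLUG-PLACEHOLDER"    # placeholder: slug is not given in the article
SUPPORT_EMAIL = "support@vendor.example"   # placeholder: the hardcoded address is not given

# Constructed sample data, shaped like WP-CLI JSON output.
PLUGINS_JSON = '[{"name": "PLUGIN-SLUG-PLACEHOLDER", "status": "active", "version": "6.1.0"}]'
USERS_JSON = """[
  {"user_login": "siteowner", "user_email": "owner@site.example",
   "user_registered": "2024-03-02 10:15:00", "roles": "administrator"},
  {"user_login": "x7f3kq9d", "user_email": "Support@vendor.example",
   "user_registered": "2026-05-28 03:41:12", "roles": "administrator"},
  {"user_login": "editor1", "user_email": "ed@site.example",
   "user_registered": "2026-05-29 09:00:00", "roles": "editor"}
]"""

def parse_version(text):
    """'6.1' -> (6, 1, 0); non-numeric components count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def plugin_is_vulnerable(plugins):
    """True if the plugin is installed at a version older than the fixed release."""
    return any(p["name"] == PLUGIN_SLUG and parse_version(p["version"]) < FIXED_VERSION
               for p in plugins)

def suspicious_admins(users, known_admins, window_start):
    """Return {login: [reasons]} for administrator accounts that need manual review."""
    findings = {}
    for u in users:
        if "administrator" not in u["roles"].split(","):
            continue
        reasons = []
        if u["user_login"] not in known_admins:
            reasons.append("not on admin allowlist")
        if u["user_email"].lower() == SUPPORT_EMAIL:
            reasons.append("uses vendor support email")
        created = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if reasons and created >= window_start:
            reasons.append("created inside review window")
        if reasons:
            findings[u["user_login"]] = reasons
    return findings

if __name__ == "__main__":
    print("vulnerable:", plugin_is_vulnerable(json.loads(PLUGINS_JSON)))
    print(suspicious_admins(json.loads(USERS_JSON), {"siteowner"}, datetime(2026, 5, 1)))
```

Updating to 6.1.1 does not remove an administrator account that was already created, so the account review applies to patched sites as well.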