Critical WP Maps Pro Vulnerability Actively Exploited in the Wild

Recently, a major security threat emerged within the WordPress ecosystem. Attackers are actively targeting a critical flaw known as the WP Maps Pro vulnerability. Specifically, this zero-day flaw allows unauthenticated users to gain full administrative control. Because the bug is actively exploited in the wild, website owners must patch their systems immediately. Wordfence researchers discovered the flaw through their bug bounty program. Consequently, the community is racing to secure vulnerable web platforms.

Inside the Rogue Account Creation Flaw

To begin with, the security flaw resides in the way the plugin handles technical support tools. The software provides a temporary access option to help vendor developers solve technical issues. However, the underlying code fails to verify the privileges of the user making the request. According to the official advisory, “This vulnerability makes it possible for unauthenticated attackers to create new administrator accounts on the affected sites, leading to complete site takeover.”

Furthermore, the plugin utilizes a specific callback function called wpgmp_temp_access_ajax_callback(). This endpoint lacks a capability check in the vulnerable versions. Although the system includes a nonce check, external visitors can easily obtain this token. Therefore, anyone can trigger the backend script to insert a rogue administrator user into the database.

Active Exploitation and Severe Impact

Once the rogue account is created, the attacker receives a secret login URL. When the malicious actor visits this link, the site fully authenticates them without a password. As a result, the attacker gains full control over the compromised website. They can install malicious plugins or exfiltrate private data fields.

Currently, threat groups are heavily weaponizing the WP Maps Pro vulnerability across the web. Defensive telemetry indicates that hackers are rapidly launching automated campaigns against vulnerable targets. For instance, the published report states that “Wordfence blocked 2,514 attacks targeting this vulnerability in the past 24 hours.”. These statistics show how fast attackers exploit newly disclosed vulnerabilities.

Mandatory Patching Actions

Upgrading the Plugin

Fortunately, the software vendor released a secure update to eliminate this threat vector. The provider fixed the issue by adding a robust capability check to the vulnerable endpoint. This check ensures that only logged-in administrators can access the support function. Consequently, the system blocks unauthenticated requests automatically.

Future Security Advice

Webmasters must upgrade to version 6.1.1 or higher immediately to secure their digital spaces. In addition, security teams should implement a web application firewall to detect automated exploitation patterns. Monitoring user creation logs also helps detect unauthorized account modifications early. Ultimately, maintaining up-to-date software remains the most effective defense against modern cyber threats.