A critical security vulnerability was recently disclosed in the WP Maps Pro plugin for WordPress that allows unauthenticated users to gain administrative control of affected sites. Discovered by Wordfence, this zero-day flaw lets attackers create new admin accounts without proper user verification, because checks in the plugin's support tools are inadequate. The flaw is being actively exploited, with reports indicating that over 2,500 attacks targeting it occurred in just 24 hours.
To mitigate the risk, site owners are urged to upgrade to version 6.1.1 or higher, as the vendor has implemented a robust capability check preventing unauthorized access. Additionally, security experts recommend employing a web application firewall and monitoring user activity for potential intrusions.
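
As an added example (not code from Wordfence or the plugin vendor), the two checks above can be scripted over WP-CLI CSV output from `wp plugin list --fields=name,status,version --format=csv` and `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv`. The plugin slug is a placeholder because the page does not give it, and the sample rows and cutoff date are constructed.

```python
import csv
import io
from datetime import datetime

FIXED_VERSION = (6, 1, 1)          # first fixed release named in the text above
PLUGIN_SLUG = "PLUGIN-SLUG-HERE"   # placeholder: the page does not give the slug


def parse_version(text):
    """Turn '6.1.0' into (6, 1, 0); non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def plugin_is_vulnerable(plugin_csv, slug=PLUGIN_SLUG):
    """True if installed below 6.1.1, False if patched, None if not installed."""
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        if row["name"] == slug:
            return parse_version(row["version"]) < FIXED_VERSION
    return None


def admins_created_since(user_csv, cutoff):
    """Return administrator rows registered at or after `cutoff` (a datetime)."""
    flagged = []
    for row in csv.DictReader(io.StringIO(user_csv)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            flagged.append(row)
    return flagged


# Constructed sample output (not real data).
SAMPLE_PLUGINS = "name,status,version\nPLUGIN-SLUG-HERE,active,6.1.0\nakismet,active,5.3\n"
SAMPLE_USERS = (
    "ID,user_login,user_email,user_registered\n"
    "1,siteowner,owner@example.com,2021-03-04 09:15:00\n"
    "57,support_tmp,tmp@example.net,2025-01-10 02:41:17\n"
)

if __name__ == "__main__":
    print("vulnerable:", plugin_is_vulnerable(SAMPLE_PLUGINS))
    # The cutoff is chosen by the operator, e.g. the date the plugin was installed.
    for row in admins_created_since(SAMPLE_USERS, datetime(2025, 1, 1)):
        print("review admin:", row["ID"], row["user_login"], row["user_registered"])
```

Any administrator flagged here that the site owner cannot account for should be treated as a possible intrusion and investigated alongside the upgrade.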