Critical WP Maps Pro Flaw Actively Exploited to Create Malicious Admin Accounts

Threat actors are actively exploiting a critical security flaw in WP Maps Pro, a WordPress plugin with over 15,000 sales on the Envato Market, to create malicious administrator accounts on vulnerable websites. The plugin enables site owners to embed customizable Google Maps and OpenStreetMap with advanced location features. No specific CVE ID, technical details of the vulnerability, or exploitation timeline were provided in the report. The impact involves unauthorized admin account creation, granting attackers full control over affected WordPress sites. The flaw is currently under active attack, though no affected version range was disclosed.