HomeCybersecurityArticle
Cyber · The Next Web

A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it

By Darius PopaJune 1, 2026 · 1 min read

A critical vulnerability in WP Maps Pro, a commercial WordPress plugin with more than 15,000 sales on the Envato Market, is being actively exploited by attackers to create malicious administrator accounts on vulnerable sites. The flaw, tracked as CVE-2026-873…

TL;DR A critical vulnerability (CVE-2026-8732, CVSS 9.8) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create admin accounts and take over sites. Wordfence blocked 2,858 ex…

Cybersecurity
Cyber · The Next Web
The Sovereign Post
■ More from Cybersecurity
Cyber · GlobeNewswire
Levi & Korsinsky Reminds Shareholders of a Lead Plaintiff Deadline of June 23, 2026 in Regencell Bioscience Holdings Limited Lawsuit - RGC
Were Regencell's Boilerplate Risk Warnings Adequate? Lawsuit Alleges $14 Billion Company Used Generic Volatility Disclaimers to Mask Specific Market Manipulation Vulnerability Were Regencell's Boilerplate Risk Warnings Adequate? Lawsuit Alleges $14 Billion Co…
Levi & Korsinsky, LLP · June 1, 2026
Cyber · GlobeNewswire
AVAV Shareholder Alert: July 27, 2026 Lead Plaintiff Deadline in AeroVironment, Inc. Securities Class Action - Contact Levi & Korsinsky
Important Notice Regarding Alleged Misrepresentations About AeroVironment's SCAR Program Competitive Risks and Single-Vendor Contract Vulnerability Important Notice Regarding Alleged Misrepresentations About AeroVironment's SCAR Program Competitive Risks and …
Levi & Korsinsky, LLP · June 1, 2026
Cyber · Alltoc.com
Why did Meta fix Instagram email-change exploit? #tech
Meta fixed a chatbot linked Instagram email issue Hackers claimed they used Meta’s AI support chatbot to change the email addresses attached to Instagram accounts, during a period when high profile account takeovers were widespread. Meta responded by addressi…
AllToc · June 1, 2026
Cyber · Tom's Hardware UK
Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild
9.8-rated Windows Server vulnerability can grants system privileges with just a malformed packet — domain controllers being exploited in the wild
editors@tomshardware.com (Bruno Ferreira) , Bruno Ferreira · June 1, 2026