
ONE Sentinel


Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts

Source: The Hacker News
June 1, 2026

EXECUTIVE SUMMARY

Critical Flaw in WP Maps Pro Exploited to Create Admin Accounts

Summary

Threat actors are actively exploiting a critical vulnerability in the WP Maps Pro WordPress plugin to create unauthorized administrator accounts. This plugin, popular for embedding customizable maps, has been sold over 15,000 times on the Envato Market.

Key Points

  • The vulnerability affects WP Maps Pro, a WordPress plugin.
  • WP Maps Pro is used for embedding Google Maps and OpenStreetMap with advanced features.
  • The plugin has over 15,000 sales on the Envato Market.
  • Threat actors are exploiting this flaw to create malicious admin accounts on vulnerable sites.

Analysis

The exploitation of this critical flaw in WP Maps Pro poses a significant risk to websites using the plugin, as unauthorized admin accounts can lead to full site compromise. Given the plugin's popularity, a large number of sites could be at risk, highlighting the need for immediate attention and remediation by site administrators.

Conclusion

IT professionals managing WordPress sites with WP Maps Pro should urgently check for updates or patches to mitigate this vulnerability. Regular monitoring and auditing of admin accounts are also recommended to detect any unauthorized access.
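
One way to run the admin-account audit recommended above, as an added example that is not part of the original article or the plugin's code. It assumes the administrator list was exported with WP-CLI (`wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=json`); the sample accounts, the approved list and the baseline date are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape WP-CLI emits for:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_WPCLI_JSON = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com", "user_registered": "2023-02-11 09:14:02"},
 {"ID": 7, "user_login": "dev-anna", "user_email": "anna@example.com", "user_registered": "2024-08-30 13:41:55"},
 {"ID": 42, "user_login": "wp_support_x", "user_email": "x@example.net", "user_registered": "2026-05-29 03:12:47"}
]"""

APPROVED_ADMINS = {"siteowner", "dev-anna", "ops-li"}  # assumed allowlist
BASELINE = datetime(2026, 5, 1)  # assumed date of the last reviewed admin list

def audit_admins(wpcli_json, approved, baseline):
    """Return (findings, missing): admins needing review, and approved admins no longer present."""
    findings, seen = [], set()
    for user in json.loads(wpcli_json):
        login = user["user_login"]
        seen.add(login)
        reasons = []
        if login not in approved:
            reasons.append("not on approved list")
        try:
            registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
            if registered > baseline:
                reasons.append("registered after baseline")
        except ValueError:
            # e.g. a zeroed date; treat as suspicious rather than skipping the row
            reasons.append("unparseable registration date")
        if reasons:
            findings.append({"id": int(user["ID"]), "login": login, "reasons": reasons})
    # An approved admin that has vanished may have been deleted or renamed
    return findings, sorted(approved - seen)

if __name__ == "__main__":
    flagged, missing = audit_admins(SAMPLE_WPCLI_JSON, APPROVED_ADMINS, BASELINE)
    for f in flagged:
        print(f"REVIEW id={f['id']} login={f['login']}: {', '.join(f['reasons'])}")
    for login in missing:
        print(f"MISSING approved admin: {login}")
```

Run it on a schedule against a fresh export and treat any finding as a prompt to review that account's sessions and recent changes.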