Skip to main content

Wp Maps Pro

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-8935 CRITICAL POC PATCH Act Now

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access.

WordPress Information Disclosure Wp Maps Pro
NVD WPScan
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-8935
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access.

WordPress Information Disclosure Wp Maps Pro
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy