CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

CVE-2026-8935 Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin acces...

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

Exploit for CVE-2026-8732

CVE-2026-8732 - WP Maps Pro &checktemp=false' 3. Login via...

WordPress WP Maps Pro plugin <= 6.0.4 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by David Brown in WordPress Plugin Advanced Google Maps versions = 6.0.4...