CVE-2026-8732
Privilege Escalation via Administrator Account Creation in WP Maps Pro
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flippercode | store_locator_for_wordpress_google_maps_openstreetmap_mapbox | to 6.1.2 (exc) |
| flippercode | store_locator_for_wordpress_google_maps_openstreetmap_mapbox | to 6.1.0 (inc) |
| wordfence | wp_maps_pro | to 6.1.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
The WP Maps Pro plugin for WordPress has a vulnerability that allows an attacker to escalate their privileges by creating an administrator account without authentication.
This happens because the plugin registers an AJAX action that is supposed to be protected by a nonce check, but the nonce is publicly available on every frontend page, making the protection ineffective.
An unauthenticated attacker can exploit this by invoking a specific handler that creates a new WordPress user with administrator privileges and provides a magic login URL that authenticates the attacker as that administrator, leading to complete site takeover.
How can this vulnerability impact me?
This vulnerability can have severe impacts including complete takeover of your WordPress site by an attacker.
An attacker can create an administrator account without any authentication, allowing them full control over the site.
This can lead to unauthorized changes, data theft, defacement, installation of malicious code, or further attacks on site visitors.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the affected plugin version is installed and if the vulnerable AJAX action is accessible without authentication.
One approach is to verify the plugin version installed on your WordPress site. Versions up to and including 6.1.0 are vulnerable.
You can also attempt to detect the presence of the vulnerable AJAX action by sending an HTTP POST request to the WordPress admin-ajax.php endpoint with the action parameter set to wpgmp_temp_access_ajax and checking for a response indicating user creation. Note that a successful probe exercises the vulnerable code path on that site, so prefer the version check where possible and reconcile the user list afterwards.
- Use curl or a similar tool to send a POST request to https://your-wordpress-site.com/wp-admin/admin-ajax.php with the data action=wpgmp_temp_access_ajax&check_temp=false&nonce=fc-call-nonce (the nonce can be extracted from the frontend JavaScript object wpgmp_local).
- Check WordPress user list for any unexpected new administrator accounts.
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation is to update the Store Locator for WordPress plugin to version 6.1.2 or later, where the temporary access feature causing the vulnerability has been removed.
If updating is not immediately possible, restrict access to the vulnerable AJAX action by implementing additional access controls or disabling the plugin temporarily.
Additionally, review your WordPress user accounts for any unauthorized administrator accounts and remove them.
Monitor your site for suspicious activity and consider resetting administrator passwords.
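One way to implement the interim access control mentioned above is a must-use plugin that ends the request before the plugin's handler runs. This is an added example written for this page, not vendor code; it assumes the plugin registers its handler on the standard wp_ajax_{action} / wp_ajax_nopriv_{action} hooks at the default priority of 10, and the action name comes from the detection section.

```php
<?php
/**
 * Plugin Name: Virtual patch for CVE-2026-8732 (wpgmp_temp_access_ajax)
 * Description: Interim block for the temporary-access AJAX action until the
 *              vendor fix (6.1.2 or later) is installed. Added example, not
 *              vendor code. Assumes the handler is hooked on
 *              wp_ajax_{action} / wp_ajax_nopriv_{action} at priority 10.
 */

// Action name as given in the advisory's detection guidance.
const CVE_2026_8732_ACTION = 'wpgmp_temp_access_ajax';

/**
 * Runs at priority 0, i.e. before the plugin's own callback at priority 10.
 * wp_send_json_error() terminates the request, so the vulnerable handler
 * never executes for callers that fail the identity and capability check.
 */
function cve_2026_8732_block_temp_access() {
    // A nonce that is printed into every frontend page is not an identity
    // check; require a logged-in user who may legitimately create users.
    if ( ! is_user_logged_in() || ! current_user_can( 'create_users' ) ) {
        error_log( sprintf(
            'CVE-2026-8732: blocked %s from %s (user_id=%d)',
            CVE_2026_8732_ACTION,
            isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
            get_current_user_id()
        ) );
        wp_send_json_error( array( 'message' => 'Action disabled.' ), 403 );
    }
}

// Cover both the logged-out (nopriv) and logged-in variants of the hook.
add_action( 'wp_ajax_nopriv_' . CVE_2026_8732_ACTION, 'cve_2026_8732_block_temp_access', 0 );
add_action( 'wp_ajax_' . CVE_2026_8732_ACTION, 'cve_2026_8732_block_temp_access', 0 );
```

Place the file in wp-content/mu-plugins/ so it loads before regular plugins, and remove it once the site runs 6.1.2 or later; the error_log line gives you a server-side record of blocked attempts to correlate with the user-list review.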
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthenticated attackers to create administrator accounts and take over WordPress sites using the affected plugin. This complete site takeover can lead to unauthorized access to sensitive data, potentially violating data protection regulations such as GDPR and HIPAA that require strict access controls and protection of personal and health information.
By enabling privilege escalation and unauthorized administrative access, the vulnerability undermines the security measures necessary to maintain compliance with these standards, increasing the risk of data breaches and non-compliance penalties.