CVE-2026-8935

UNKNOWN 0.0

Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access.

Vendor	unknown
Product	wp maps pro
Published	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for unknown wp maps pro

Be the first to know when new unknown vulnerabilities affecting unknown wp maps pro are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / WP MAPS PRO

0 < 6.1.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/9bad9fc1-5032-45dc-983f-ba2dd7092385/

Credits

Erwan LR (WPScan) WPScan