CVE-2026-8732 in the WP Maps Pro WordPress plugin (versions 6.1.0 and earlier) allows unauthenticated attackers to create administrator accounts on affected WordPress sites, granting full site control. Active automated exploitation is confirmed, with over 3,600 blocked attempts in a single 24-hour window. A patch (version 6.1.1) is available and should be applied immediately.