CVE-2026-8732 in the WP Maps Pro WordPress plugin allows unauthenticated creation of administrator accounts, with approximately 2,900 exploitation attempts observed in a 24-hour window across an estimated 15,000 affected installations. Patch status is unconfirmed from authoritative sources; immediate plugin deactivation or removal is required pending official vendor guidance.