What is CVE-2026-8732?

CVE-2026-8732 is a critical-severity vulnerability in Flippercode Wp Maps Pro, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-29.

How severe is CVE-2026-8732?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2026-8732 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Flippercode Wp Maps Pro

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmp_temp_access_ajax AJAX action being registered with wp_ajax_…

Vulnerability class: Broken Authentication

EPSS: 0.001 (26.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Flippercode Wp Maps Pro — versions 0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2026-8732?: CVE-2026-8732 is a critical-severity vulnerability in Flippercode Wp Maps Pro, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-29.
How severe is CVE-2026-8732?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2026-8732 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.