CVE-2026-8935

Published: Giu 15, 2026 Last Modified: Giu 15, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any frontend page enqueuing its map script, unconditionally creates an administrator account and returns a magic-login URL granting interactive admin access.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0013

Percentile

0,0th

Updated

EPSS Score Trend (Last 3 Days)

https://wpscan.com/vulnerability/9bad9fc1-5032-45dc-983f-ba…

https://wpscan.com/vulnerability/9bad9fc1-5032-45dc-983f-ba2dd7092385/

CVE-2026-8935

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 3 Days)

Iscriviti alla newsletter