WP Maps Pro
- Affected versions: <= 6.1.0
The WP Maps Pro plugin for WordPress, in all versions up to and including 6.1.0, allows unauthenticated privilege escalation: a visitor with no account can have an administrator account created for them. The wpgmp_temp_access_ajax AJAX action is registered with the wp_ajax_nopriv_ hook, so it is reachable without logging in, and the only guard on it is a nonce check against the fc-call-nonce nonce. That nonce is embedded in every frontend page, so any visitor can read it and replay it; a WordPress nonce is a CSRF token tied to the session that rendered the page, not a secret and not an authorization check, and for an anonymous visitor it proves nothing about who is calling. No capability check (such as current_user_can()) is performed. Invoking the wpgmp_temp_access_support handler with check_temp set to false reaches a code path that creates a new WordPress user with the administrator role and returns a login URL for it; visiting that URL authenticates the attacker as the new administrator.
An unauthenticated attacker can therefore create an administrator account at will and take complete control of the site (plugin and theme installation, arbitrary PHP execution through the editor, data access).
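The following PHP is an added illustration of the pattern described above, not code from WP Maps Pro: an AJAX handler exposed through wp_ajax_nopriv_ and guarded only by a nonce, placed next to a hardened version that drops the nopriv registration and adds a capability check. The action, function and nonce names (example_temp_access, example-call-nonce, and so on) are hypothetical; only the WordPress API calls (add_action, wp_verify_nonce, check_ajax_referer, current_user_can, wp_insert_user, wp_send_json_*) are real.

```php
<?php
/**
 * Added example, not the plugin's own code. Handler and nonce names are
 * hypothetical; the WordPress functions used are real.
 */

// --- Vulnerable pattern ------------------------------------------------------
// Registered for anonymous visitors (wp_ajax_nopriv_) AND logged-in users.
// The nonce value is printed into every public page (typically via
// wp_localize_script), so any visitor can read it and send it back.
// wp_verify_nonce() only shows the request carried a nonce issued for this
// action; it says nothing about whether the caller may create users.
add_action( 'wp_ajax_nopriv_example_temp_access', 'example_temp_access_vulnerable' );
add_action( 'wp_ajax_example_temp_access',        'example_temp_access_vulnerable' );

function example_temp_access_vulnerable() {
    $nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example-call-nonce' ) ) {
        wp_send_json_error( 'bad nonce', 403 ); // wp_send_json_error() exits
    }
    // Nonce accepted: an unauthenticated caller now reaches the code that
    // creates a privileged account.
    $user_id = wp_insert_user( array(
        'user_login' => 'support_' . wp_generate_password( 8, false ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => 'administrator',
    ) );
    wp_send_json_success( array( 'user_id' => $user_id ) );
}

// --- Hardened pattern --------------------------------------------------------
// 1. No wp_ajax_nopriv_ registration: anonymous visitors never reach a
//    user-creation endpoint at all.
// 2. Keep the nonce as CSRF protection for logged-in callers, but gate the
//    action on a capability. 'create_users' is held by administrators only
//    in a default single-site install. The nonce is never the authorization.
add_action( 'wp_ajax_example_temp_access_fixed', 'example_temp_access_fixed' );

function example_temp_access_fixed() {
    check_ajax_referer( 'example-call-nonce', 'nonce' ); // dies with -1 on failure
    if ( ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $user_id = wp_insert_user( array(
        'user_login' => 'support_' . wp_generate_password( 8, false ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => 'administrator',
    ) );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
```

The same two questions apply when auditing any plugin: is the action registered under wp_ajax_nopriv_ when it performs a privileged operation, and does the handler call current_user_can() (or an equivalent capability check) rather than relying on a nonce that public pages hand out?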
Update WP Maps Pro to version 6.1.1 or later, which addresses this issue. Because the flaw is unauthenticated and leaves a persistent artifact, also review the user list for administrator accounts you did not create (for example, `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered` with WP-CLI) and remove any that are unexpected, rotating credentials if one is found.