The WP Maps Pro plugin for WordPress versions up to 6.1.0 contains a critical privilege escalation vulnerability that allows unauthenticated attackers to create administrator accounts and achieve complete site takeover. The vulnerability exists in the wpgmp_temp_access_ajax AJAX action which is improperly protected by a publicly exposed nonce value. Attackers can exploit the wpgmp_temp_access_support handler to create administrator users and obtain magic login URLs for authentication bypass. This results in full administrative access to affected WordPress sites.