A vulnerability was found in chrisvrichardson MapPress Maps for WordPress Plugin up to 2.96.6 on WordPress. It has been rated as critical . Impacted is the function Mappress_Api::rest_api_init of the file /wp-json/mapp/v1/maps of the component REST API . Performing a manipulation results in authorization bypass. This vulnerability was named CVE-2026-8839 . The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.