A vulnerability, which was classified as problematic , was found in rahulbhangale WP-Ultimate-Map Plugin up to 1.1 on WordPress. Affected is the function process_init of the component Setting Handler . Such manipulation of the argument save-setting leads to cross-site request forgery. This vulnerability is traded as CVE-2026-8907 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.