OttoKit Plugin Hit by Major Exploit Wave


OttoKit WordPress Plugin Hit by Second Major Security Flaw Now Under Active Exploitation 

A critical security vulnerability has been discovered and is actively being exploited in the OttoKit WordPress plugin, formerly known as SureTriggers. 

Tracked as CVE-2025-27007 with a CVSS score of 9.8, the flaw affects all plugin versions up to and including 1.0.82. It allows for privilege escalation, potentially giving attackers unauthorized access to administrator-level functions. 

According to Wordfence, the issue stems from the create_wp_connection() function, which lacks proper capability checks and fails to securely verify user authentication. This weakness allows unauthenticated attackers to establish a connection, paving the way for privilege escalation. 

The exploit can occur under two conditions: 

  • The website has never used or enabled application passwords, and OttoKit has never been linked via one. 
  • The attacker has valid user credentials and can generate a legitimate application password. 

Wordfence observed attackers exploiting this flaw to establish a connection and then create admin accounts via the plugin’s automation endpoint. Additionally, attackers are simultaneously targeting another vulnerability, CVE-2025-3102 (CVSS score: 8.1), also in OttoKit and under active exploitation since the previous month. 

These attacks suggest that threat actors are scanning WordPress sites en masse to find and exploit either of these vulnerabilities. The following IP addresses have been identified in connection with these exploits: 


With over 100,000 active installations, OttoKit users are urged to immediately update to version 1.0.83, which contains the necessary patch. 

Wordfence noted that mass exploitation may have begun as early as May 4, 2025, with initial probing activity detected on May 2, 2025. 
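A triage check built from the version range and dates reported above, as an added example that is not from Wordfence or the OttoKit project: it flags an install at or below 1.0.82 and lists administrator accounts registered since the first probing date that are not on a known-good list. The plugin slug `suretriggers`, the allow-list, and the sample JSON (shaped like WP-CLI `--format=json` output) are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime

LAST_VULNERABLE = (1, 0, 82)          # article: versions up to and including 1.0.82
FIRST_PROBING = datetime(2025, 5, 2)  # article: initial probing detected May 2, 2025
PLUGIN_SLUG = "suretriggers"          # assumption: slug as listed by `wp plugin list`

def parse_version(text):
    """Turn '1.0.82' into (1, 0, 82) so versions compare numerically, not as strings."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

def is_vulnerable(plugins_json, slug=PLUGIN_SLUG):
    """True if the plugin is installed at a version at or below 1.0.82."""
    for plugin in json.loads(plugins_json):
        if plugin["name"] == slug:
            return parse_version(plugin["version"]) <= LAST_VULNERABLE
    return False  # plugin not installed

def admins_to_review(users_json, known_admins, since=FIRST_PROBING):
    """Administrator logins registered on or after `since` that are not allow-listed."""
    flagged = []
    for user in json.loads(users_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= since and user["user_login"] not in known_admins:
            flagged.append(user["user_login"])
    return flagged

# Constructed sample data in the shape produced by:
#   wp plugin list --fields=name,version --format=json
#   wp user list --role=administrator --fields=user_login,user_registered --format=json
SAMPLE_PLUGINS = json.dumps([
    {"name": "akismet", "version": "5.3"},
    {"name": "suretriggers", "version": "1.0.82"},
])
SAMPLE_ADMINS = json.dumps([
    {"user_login": "siteowner", "user_registered": "2023-01-10 09:00:00"},
    {"user_login": "newhire", "user_registered": "2025-05-03 14:20:00"},
    {"user_login": "wp_support_x", "user_registered": "2025-05-05 02:11:47"},
])
KNOWN_ADMINS = {"siteowner", "newhire"}  # hypothetical allow-list kept by the site owner

if __name__ == "__main__":
    if is_vulnerable(SAMPLE_PLUGINS):
        print("OttoKit at or below 1.0.82: update to 1.0.83")
    for login in admins_to_review(SAMPLE_ADMINS, KNOWN_ADMINS):
        print("Review administrator account:", login)
```

An account appearing in the review list is a prompt for investigation, not proof of compromise; an empty list does not rule out other changes made through the plugin.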
