Security News > 2025 > April > Hackers exploit WordPress plugin auth bypass hours after disclosure

Hackers exploit WordPress plugin auth bypass hours after disclosure

2025-04-10 19:11

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]

News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/

#bypass #disclosure #exploit #hacker #wordpress

Related news

Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (source)
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)
Critical flaw in Next.js lets hackers bypass authorization (source)
Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication (source)
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	93	44	18	157
Plugin		2	0	13	1	0	14

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.