OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

2025-04-11 04:58

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The

News URL

https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html

#exploitation #vulnerability #wordpress #CVE-2025-3102

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-10	CVE-2025-3102	The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. network high complexity CWE-697	8.1

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	93	44	18	157
Plugin		2	0	13	1	0	14

News URL

Related news

Related Vulnerability

Related vendor