Security News > 2025 > May > Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

2025-05-07 15:37

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. [...]

News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-ottokit-wordpress-plugin-flaw-to-add-admin-accounts/

#exploit #hacker #wordpress

Related news

Hackers exploit WordPress plugin auth bypass hours after disclosure (source)
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices (source)
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet (source)
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws (source)
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics (source)
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	93	44	18	157
Plugin		2	0	13	1	0	14

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.