OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

2025-05-07 13:44

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. "This is due to the create_wp_connection() function missing a capability check and

News URL

https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html

#exploit #wordpress #CVE-2025-27007

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-01	CVE-2025-27007	Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	93	44	18	157
Plugin		2	0	13	1	0	14

News URL

Related news

Related Vulnerability

Related vendor