Tech & Innovation

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Focusing on A number of Flaws

World-Admin 0


Thank you for reading this post, don't forget to subscribe!

Might 07, 2025Ravie LakshmananVulnerability / Internet Safety

A second safety flaw impacting the OttoKit (previously SureTriggers) WordPress plugin has come beneath energetic exploitation within the wild.

The vulnerability, tracked as CVE-2025-27007 (CVSS rating: 9.8), is a privilege escalation bug impacting all variations of the plugin previous to and together with model 1.0.82.

“That is because of the create_wp_connection() operate lacking a functionality verify and insufficiently verifying a consumer’s authentication credentials,” Wordfence mentioned. “This makes it attainable for unauthenticated attackers to determine a connection, which finally could make privilege escalation attainable.”

That mentioned, the vulnerability is exploitable solely in two attainable eventualities –

  • When a website has by no means enabled or used an utility password, and OttoKit has by no means been related to the web site utilizing an utility password earlier than
  • When an attacker has authenticated entry to a website and might generate a sound utility password

Wordfence revealed that it noticed the risk actors making an attempt to use the preliminary connection vulnerability to determine a reference to the positioning, adopted by utilizing it to create an administrative consumer account through the automation/motion endpoint.

Cybersecurity

Moreover, the assault makes an attempt concurrently intention for CVE-2025-3102 (CVSS rating: 8.1), one other flaw in the identical plugin that has additionally been exploited within the wild since final month.

This has raised the chance that the risk actors are opportunistically scanning WordPress installations to see if they’re prone to both of the 2 flaws. The IP addresses which were noticed focusing on the vulnerabilities are listed beneath –

  • 2a0b:4141:820:1f4::2
  • 41.216.188.205
  • 144.91.119.115
  • 194.87.29.57
  • 196.251.69.118
  • 107.189.29.12
  • 205.185.123.102
  • 198.98.51.24
  • 198.98.52.226
  • 199.195.248.147

On condition that the plugin has over 100,000 energetic installations, it is important that customers transfer shortly to use the most recent patches (model 1.0.83).

“Attackers might have began actively focusing on this vulnerability as early as Might 2, 2025 with mass exploitation beginning on Might 4, 2025,” Wordfence mentioned.

Discovered this text fascinating? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.



Related Story