Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites.

OttoKit WordPress 插件遭遇漏洞攻击，安装量超 10 万次

OttoKit WordPress 插件遭遇漏洞攻击，安装量超 10 万次

OttoKit WordPress Plugin With 100K+ Installs Hit By Exploits Targeting Multiple Flaws - Cybernoz - Cybersecurity News

May 07, 2025Ravie LakshmananVulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. “This is due to the create_wp_connection() function missing a capability check and in…

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.  "This is due to the create_wp_connection() function missing a capability check and