OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Posted on By CWS No Comments on OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Could 07, 2025Ravie LakshmananVulnerability / Net Safety
A second safety flaw impacting the OttoKit (previously SureTriggers) WordPress plugin has come below lively exploitation within the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS rating: 9.8), is a privilege escalation bug impacting all variations of the plugin previous to and together with model 1.0.82.
“That is as a result of create_wp_connection() perform lacking a functionality test and insufficiently verifying a consumer’s authentication credentials,” Wordfence mentioned. “This makes it potential for unauthenticated attackers to ascertain a connection, which in the end could make privilege escalation potential.”

That mentioned, the vulnerability is exploitable solely in two potential situations –

When a web site has by no means enabled or used an utility password, and OttoKit has by no means been related to the web site utilizing an utility password earlier than
When an attacker has authenticated entry to a web site and might generate a legitimate utility password

Wordfence revealed that it noticed the menace actors trying to take advantage of the preliminary connection vulnerability to ascertain a reference to the positioning, adopted through the use of it to create an administrative consumer account through the automation/motion endpoint.

Moreover, the assault makes an attempt concurrently intention for CVE-2025-3102 (CVSS rating: 8.1), one other flaw in the identical plugin that has additionally been exploited within the wild since final month.
This has raised the chance that the menace actors are opportunistically scanning WordPress installations to see if they’re vulnerable to both of the 2 flaws. The IP addresses which were noticed concentrating on the vulnerabilities are listed beneath –

2a0b:4141:820:1f4::2
41.216.188.205
144.91.119.115
194.87.29.57
196.251.69.118
107.189.29.12
205.185.123.102
198.98.51.24
198.98.52.226
199.195.248.147

On condition that the plugin has over 100,000 lively installations, it is important that customers transfer rapidly to use the newest patches (model 1.0.83).
“Attackers could have began actively concentrating on this vulnerability as early as Could 2, 2025 with mass exploitation beginning on Could 4, 2025,” Wordfence mentioned.

Discovered this text fascinating? Comply with us on Twitter  and LinkedIn to learn extra unique content material we submit.

The Hacker News Tags:, , , , , , , , ,

Related Posts

Password Reuse in Disguise: An Often-Missed Risky Workaround Password Reuse in Disguise: An Often-Missed Risky Workaround The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC The Hacker News
Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs Alert Fatigue, Data Overload, and the Fall of Traditional SIEMs The Hacker News
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection The Hacker News
Privacy in the Age of Agentic AI Privacy in the Age of Agentic AI The Hacker News
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released The Hacker News

Leave a Reply

Your email address will not be published. Required fields are marked *