Tech News

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

By Viral Trending Content 2 Min Read

May 07, 2025Ravie LakshmananVulnerability / Web Security

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.

“This is due to the create_wp_connection() function missing a capability check and insufficiently verifying a user’s authentication credentials,” Wordfence said. “This makes it possible for unauthenticated attackers to establish a connection, which ultimately can make privilege escalation possible.”

That said, the vulnerability is exploitable only in two possible scenarios –

  • When a site has never enabled or used an application password, and OttoKit has never been connected to the website using an application password before
  • When an attacker has authenticated access to a site and can generate a valid application password

Wordfence revealed that it observed the threat actors attempting to exploit the initial connection vulnerability to establish a connection with the site, followed by using it to create an administrative user account via the automation/action endpoint.

Cybersecurity

Furthermore, the attack attempts simultaneously aim for CVE-2025-3102 (CVSS score: 8.1), another flaw in the same plugin that has also been exploited in the wild since last month.

This has raised the possibility that the threat actors are opportunistically scanning WordPress installations to see if they are susceptible to either of the two flaws. The IP addresses that have been observed targeting the vulnerabilities are listed below –

  • 2a0b:4141:820:1f4::2
  • 41.216.188.205
  • 144.91.119.115
  • 194.87.29.57
  • 196.251.69.118
  • 107.189.29.12
  • 205.185.123.102
  • 198.98.51.24
  • 198.98.52.226
  • 199.195.248.147

Given that the plugin has over 100,000 active installations, it’s essential that users move quickly to apply the latest patches (version 1.0.83).

“Attackers may have started actively targeting this vulnerability as early as May 2, 2025 with mass exploitation starting on May 4, 2025,” Wordfence said.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

You Might Also Like

Apple AI Pin Specs Leak: Dual Cameras, No Screen & More

The diverse responsibilities of a principal software engineer

OpenAI Backs Bill That Would Limit Liability for AI-Enabled Mass Deaths or Financial Disasters

Google’s Fitbit Tease has me More Excited for Garmin’s Whoop Rival

Why the TCL NXTPAPER 14 Is One of the Best Tablets for Musicians and Sheet Music Reading

TAGGED: , , , , , , , ,
Share This Article
Previous Article Xiaomi 14 : date de sortie, prix et autres rumeurs
Next Article People Can't Believe How Good The Beer Looks In Grand Theft Auto VI
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

- Advertisement -

Latest News

JPMorgan CEO Jamie Dimon says he’s ‘learned and relearned’ to not make big decisions when he’s tired on Fridays
Business
Apple AI Pin Specs Leak: Dual Cameras, No Screen & More
Tech News
A ‘glass-like’ battlefield: German Army chief on the future of warfare
World News
Polymarket Sees Record $153M Daily Volume After Chainlink Integration
Crypto
Natasha Lyonne Then & Now: See Before & After Photos of the Actress Here
Celebrity
Cult Hit Doki Doki Literature Club Fights Removal From Google Play Store Over ‘Depiction Of Sensitive Themes’
Gaming News
Dead as Disco Launches Into Early Access on May 5th, Groovy New Gameplay Released
Gaming News
Lost your password?