Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

The Hacker News by The Hacker News
May 7, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


May 07, 2025Ravie LakshmananVulnerability / Web Security

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.

The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.

“This is due to the create_wp_connection() function missing a capability check and insufficiently verifying a user’s authentication credentials,” Wordfence said. “This makes it possible for unauthenticated attackers to establish a connection, which ultimately can make privilege escalation possible.”

That said, the vulnerability is exploitable only in two possible scenarios –

  • When a site has never enabled or used an application password, and OttoKit has never been connected to the website using an application password before
  • When an attacker has authenticated access to a site and can generate a valid application password

Wordfence revealed that it observed the threat actors attempting to exploit the initial connection vulnerability to establish a connection with the site, followed by using it to create an administrative user account via the automation/action endpoint.

Cybersecurity

Furthermore, the attack attempts simultaneously aim for CVE-2025-3102 (CVSS score: 8.1), another flaw in the same plugin that has also been exploited in the wild since last month.

This has raised the possibility that the threat actors are opportunistically scanning WordPress installations to see if they are susceptible to either of the two flaws. The IP addresses that have been observed targeting the vulnerabilities are listed below –

  • 2a0b:4141:820:1f4::2
  • 41.216.188.205
  • 144.91.119.115
  • 194.87.29.57
  • 196.251.69.118
  • 107.189.29.12
  • 205.185.123.102
  • 198.98.51.24
  • 198.98.52.226
  • 199.195.248.147

Given that the plugin has over 100,000 active installations, it’s essential that users move quickly to apply the latest patches (version 1.0.83).

“Attackers may have started actively targeting this vulnerability as early as May 2, 2025 with mass exploitation starting on May 4, 2025,” Wordfence said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Recommended.

StarTech.com Launches Industry-First USB4 Dock with Driverless Dual Display for Mac, Windows, and Linux

StarTech.com Launches Industry-First USB4 Dock with Driverless Dual Display for Mac, Windows, and Linux

April 30, 2026
Brilyant Announces Leadership Transition: Akash Saxenaa Appointed as Chief Executive Officer

Brilyant Announces Leadership Transition: Akash Saxenaa Appointed as Chief Executive Officer

May 3, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio