Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

Summary: A critical vulnerability in the OttoKit WordPress plugin, tracked as CVE-2025-3102, could allow attackers to create new administrator accounts on affected sites, leading to complete website compromise. Over 100,000 installations are at risk, but only those that have not been configured with an API key are exploitable. Users are urged to update to version 1.0.79 or later to protect against this vulnerability.

Affected: OttoKit WordPress Plugin

Key points:

  • Vulnerability allows complete takeover of WordPress sites via authentication bypass.
  • Attackers can create administrative accounts if the plugin is unconfigured.
  • Users must update to OttoKit version 1.0.79 or later to mitigate the risk.

Source: https://www.securityweek.com/vulnerability-in-ottokit-wordpress-plugin-exploited-in-the-wild/