OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

A critical security flaw in the OttoKit WordPress plugin (formerly SureTriggers) is actively exploited in the wild, allowing privilege escalation through unauthenticated connections. Users are urged to update to version 1.0.83 to mitigate the risk. (Affected: WordPress sites using OttoKit plugin prior to version 1.0.83)

Key points:

  • An actively exploited privilege escalation vulnerability, CVE-2025-27007, affects all versions of the OttoKit plugin up to and including 1.0.82.
  • The flaw is caused by missing capability checks in the create_wp_connection() function, enabling unauthenticated attackers to establish connections and potentially escalate privileges.
  • Exploits are feasible only if the site has never enabled application passwords or if attackers already have authenticated access to the site.
  • Threat actors are attempting to exploit this vulnerability to create administrative user accounts, often following initial connection attacks.
  • Simultaneous attacks target another flaw, CVE-2025-3102, suggesting opportunistic scans across vulnerable WordPress installations.
  • Observed attacker IPs include multiple addresses such as 144.91.119.115 and 198.98.51.24; attack activity may have started as early as May 2, 2025.
  • It is crucial for affected sites to update the plugin to the latest version 1.0.83 immediately to prevent potential compromise.
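
The bug class named in the key points (a privileged plugin action reachable without a capability check) is illustrated below with an added example that is not OttoKit's code and does not reproduce its internals; the route name, handler and the assumption that the action is exposed as a REST route are all hypothetical. It shows the unguarded registration beside the hardened form a plugin author would want.

```php
<?php
// Added illustration (not OttoKit code). Assumes a plugin exposes a
// "create connection" action as a WordPress REST route; the route and
// option names below are hypothetical.

// Vulnerable pattern: '__return_true' as permission_callback means any
// unauthenticated client can invoke the handler, which is the shape of
// a missing capability check.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/connection', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_connection',
        'permission_callback' => '__return_true',   // no capability check
    ) );
} );

// Hardened pattern: require an authenticated user holding manage_options
// (administrator-level) before WordPress even dispatches to the handler.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/connection-secure', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_connection',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function example_create_connection( WP_REST_Request $request ) {
    // Defense in depth: re-check inside the handler so a later mistake in
    // route registration cannot silently strip the authorization check.
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error(
            'rest_forbidden',
            'Insufficient privileges.',
            array( 'status' => 403 )
        );
    }
    // Record which (already privileged) user established the connection.
    update_option( 'example_plugin_connected_by', get_current_user_id() );
    return rest_ensure_response( array( 'connected' => true ) );
}
```

Reviewing every `register_rest_route()` call for a permissive `permission_callback` is a quick audit step for any plugin's privileged endpoints.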

Update – July 14, 2025:
OttoKit has clarified that there is no evidence of real-world exploitation related to CVE-2025-27007 or CVE-2025-3102. The issue was responsibly reported, patched within hours, and users were force-updated to version 1.0.83. You can read the full official statement here.

Read More: https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html