A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The
![]()
source https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html
source https://thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html