OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

May 7, 2025

A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
“This is due to the create_wp_connection() function missing a capability check and

SOURCE:

Share the Post:

Related News

Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware

The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks

Europol has announced the takedown of distributed denial of service (DDoS)-for-hire services that were used to launch thousands of cyber-attacks

Company

Services

Contact Us

CentryNex Cybersecurity Limited is registered in England and Wales under company number 15482051 with its registered office at Paramount House, 1 Delta Way, Egham, Surrey TW20 8RX UK