A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.”The
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/04/ottokit-wordpress-plugin-admin-creation.html
