Attacks leveraging a recently patched high-severity authentication bypass vulnerability in the widely used OttoKit plugin for WordPress, tracked as CVE-2025-3102, were found by Patchstack to have begun just four hours after the flaw's public disclosure and its inclusion in the WordPress security platform's vulnerability database, according to BleepingComputer.
"This swift exploitation highlights the critical need to apply patches or mitigations immediately upon the public disclosure of such vulnerabilities," said Patchstack researchers, who urged users of the impacted plugin, formerly known as SureTriggers, to implement the latest OttoKit version 1.0.79. The OttoKit security issue, which arose from the absence of an empty-value check within the authenticate_user() function, could be exploited on vulnerable WordPress sites to create unauthorized administrative accounts using randomized credential and email address combinations, and ultimately to take over the targeted websites entirely, researchers added. Organizations have also been advised to monitor for unwanted admin accounts, themes, and database access events, as well as altered security settings.
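The defect class named above, a missing empty-value check in an authentication routine, is easy to illustrate in isolation. The following PHP is an added example written for this page; it is not OttoKit or SureTriggers code and does not reproduce the plugin's actual logic. It assumes a hypothetical `authenticate_user()` that compares a caller-supplied secret against one held in plugin settings (here a plain array standing in for WordPress option storage), and shows the unchecked comparison beside a hardened version that refuses to authenticate when either side is empty.

```php
<?php
// Added illustration, not the plugin's own code. Models a hypothetical
// authenticate_user() that checks a shared secret supplied by an integration
// caller against a secret kept in plugin settings.
declare(strict_types=1);

// Constructed stand-in for the plugin's settings storage. A plugin that has
// been installed but never connected to its remote service typically has no
// secret stored yet, so the stored value is empty.
$settings = ['secret_key' => ''];

// The defect class described in the article: the stored and supplied values
// are compared without first checking that either one is non-empty. When the
// stored secret is empty, an empty supplied value compares equal to it.
function vulnerable_authenticate_user(array $settings, ?string $provided): bool
{
    return ($provided ?? '') === ($settings['secret_key'] ?? '');
}

// Hardened form: treat a missing or empty value on either side as a failed
// authentication before any comparison takes place, then compare in
// constant time.
function hardened_authenticate_user(array $settings, ?string $provided): bool
{
    $stored = $settings['secret_key'] ?? '';
    if ($provided === null || $provided === '' || $stored === '') {
        return false;
    }
    return hash_equals($stored, $provided);
}

// Case 1: no secret configured yet. The unchecked version accepts an empty
// header; the hardened version rejects it.
var_dump(vulnerable_authenticate_user($settings, ''));
var_dump(hardened_authenticate_user($settings, ''));

// Case 2: a secret is configured (constructed value). Only the matching
// secret is accepted by the hardened version; an empty value is still refused.
$settings['secret_key'] = 'constructed-example-secret';
var_dump(hardened_authenticate_user($settings, 'constructed-example-secret'));
var_dump(hardened_authenticate_user($settings, ''));
```

The point of the hardened version is the ordering: the empty-value rejection runs before the comparison, so an unconfigured secret can never be matched, and `hash_equals()` is used for the remaining comparison so that timing does not leak information about the stored value. When reviewing authentication code for this pattern, look for any equality check between a stored credential and a request-supplied value where neither operand is guaranteed to be non-empty.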