Ethical Hacking News

Hackers Exploit WordPress Plugin Auth Bypass Vulnerability Just Hours After Public Disclosure



Hackers have already begun exploiting a high-severity vulnerability in the OttoKit (formerly SureTriggers) plugin for WordPress, just hours after its public disclosure. Upgrade to the latest version of the plugin and monitor your website's security to prevent potential exploitation.


  • The OttoKit WordPress plugin has been exploited by hackers just hours after its public disclosure, with a high-severity vulnerability (CVE-2025-3102) allowing unauthorized access to protected API endpoints.
  • The vulnerability stems from a missing empty value check in the authenticate_user() function, which handles REST API authentication.
  • The implications of this vulnerability are severe: attackers can create new administrator accounts without authentication, change user roles, install plugins and themes, access the database, and modify security settings.
  • Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers (1.0.79) to protect themselves from this vulnerability.



    In a shocking turn of events, hackers have already begun exploiting a high-severity vulnerability in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after its public disclosure. The vulnerability, identified as CVE-2025-3102, allows attackers to bypass authentication and gain unauthorized access to protected API endpoints.

    The OttoKit WordPress plugin is active on more than 100,000 websites, and the widespread nature of the vulnerability means a large share of those installations are likely affected. Since the plugin is active on numerous high-profile sites, it is a prime target for malicious actors.

    According to Wordfence, an organization specializing in cybersecurity and threat intelligence, the flaw stems from a missing empty value check in the authenticate_user() function, which handles REST API authentication. Exploitation of this vulnerability becomes possible when the plugin is not configured with an API key, causing the stored secret_key to remain empty.
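    The bug class Wordfence describes, a stored API secret that is compared without first checking whether it was ever set, is illustrated below with an added example. This is not the OttoKit/SureTriggers source code; the option name, header name and function names are assumptions, and the two functions show the vulnerable comparison beside a hardened one.

```php
<?php
// Added illustration of a missing empty-value check on a stored API secret.
// NOT the OttoKit/SureTriggers code: option name, header name and function
// names are hypothetical.

// Vulnerable pattern: if no API key was ever configured, get_option() returns
// '' and a request carrying no key satisfies the comparison, because
// '' === '' is true. The empty secret silently becomes a wildcard credential.
function hypothetical_authenticate_user_vulnerable( WP_REST_Request $request ) {
    $stored_key   = (string) get_option( 'hypothetical_plugin_secret_key', '' );
    $supplied_key = (string) $request->get_header( 'x-hypothetical-secret-key' );

    if ( $supplied_key !== $stored_key ) {
        return new WP_Error( 'rest_forbidden', 'Invalid API key.', array( 'status' => 403 ) );
    }
    return true; // reached with an empty stored key and no supplied key
}

// Hardened pattern: fail closed when the secret has never been set, require a
// non-empty supplied value, and compare in constant time with hash_equals().
function hypothetical_authenticate_user_fixed( WP_REST_Request $request ) {
    $stored_key   = (string) get_option( 'hypothetical_plugin_secret_key', '' );
    $supplied_key = (string) $request->get_header( 'x-hypothetical-secret-key' );

    // An unconfigured secret must never authenticate anyone.
    if ( '' === $stored_key || '' === $supplied_key ) {
        return new WP_Error( 'rest_forbidden', 'API key not configured or missing.', array( 'status' => 403 ) );
    }
    if ( ! hash_equals( $stored_key, $supplied_key ) ) {
        return new WP_Error( 'rest_forbidden', 'Invalid API key.', array( 'status' => 403 ) );
    }
    return true;
}

// Wire the hardened check in as the REST route's permission_callback, so the
// endpoint handler only runs once authentication has succeeded.
add_action( 'rest_api_init', function () {
    register_rest_route( 'hypothetical/v1', '/protected', array(
        'methods'             => 'POST',
        'callback'            => function () { return rest_ensure_response( array( 'ok' => true ) ); },
        'permission_callback' => 'hypothetical_authenticate_user_fixed',
    ) );
} );
```

    The same fail-closed rule applies wherever a plugin stores an optional secret: treat "not configured" as "deny", never as "match anything".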

    The implications of this vulnerability are severe, as attackers can create new administrator accounts without authentication, posing a high risk of full site takeover. In essence, CVE-2025-3102 lets attackers change user roles, install plugins and themes, access the database, and modify security settings.

    Researchers at WordPress security platform Patchstack have warned that the first exploitation attempts in the wild were logged just four hours after the vulnerability was added as a vPatch to their database. This swift exploitation highlights the critical need for users to apply patches or mitigations immediately upon public disclosure of such vulnerabilities.

    In response to the public disclosure, the plugin vendor released a fix via version 1.0.79 on April 3, but hackers quickly jumped at the opportunity to exploit the issue. The delay in updating the plugin by administrators has allowed malicious actors to take advantage of this vulnerability, posing a significant threat to online security.

    To protect themselves from this vulnerability, users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79. It is also advisable for users to check their logs for unexpected admin accounts or other user roles, installation of plugins/themes, database access events, and modification of security settings.

    Furthermore, users should remain vigilant and monitor their website's security for any signs of exploitation. Regular backups and updates are crucial in preventing the spread of malware and maintaining online security.

    In conclusion, the rapid exploitation of CVE-2025-3102 highlights the importance of timely patching and vigilance when it comes to cybersecurity. Users must prioritize their online security by applying patches and mitigations immediately upon public disclosure of vulnerabilities like this one.


    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Exploit-WordPress-Plugin-Auth-Bypass-Vulnerability-Just-Hours-After-Public-Disclosure-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/


  • Published: Thu Apr 10 15:02:32 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News. All rights reserved.