Security researchers spotted threat actors exploiting a severe WordPress plugin vulnerability almost immediately after the flaw’s disclosure.
Authentication bypass vulnerability in WordPress plugin
An authentication bypass vulnerability affecting the OttoKit (formerly SureTriggers) WordPress plugin was recently disclosed.
The flaw, tracked as CVE-2025-3102, affects versions 1.0.78 and earlier of the plugin. If exploited, it could let threat actors bypass authentication and create new adminis
