🚨 Marked as known exploited on May 7th, 2025 (26 days ago).
Description: A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82.
"This is due to the create_wp_connection() function missing a capability check and
CVSS: CRITICAL (9.8) EPSS Score: 17.88%
May 7th, 2025 (26 days ago)
|
CVE-2025-27007 |
🚨 Marked as known exploited on May 7th, 2025 (26 days ago).
Description: Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.
CVSS: CRITICAL (9.8) EPSS Score: 17.88% SSVC Exploitation: none
May 1st, 2025 (about 1 month ago)
|
🚨 Marked as known exploited on April 11th, 2025 (about 2 months ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The
CVSS: HIGH (8.1) EPSS Score: 0.14%
April 11th, 2025 (about 2 months ago)
|
🚨 Marked as known exploited on April 10th, 2025 (about 2 months ago).
Description: Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
April 10th, 2025 (about 2 months ago)
|
CVE-2025-3102 |
🚨 Marked as known exploited on April 11th, 2025 (about 2 months ago).
Description: The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
CVSS: HIGH (8.1) EPSS Score: 0.14%
April 10th, 2025 (about 2 months ago)
|