Threat and Vulnerability Intelligence Database

🚨 Marked as known exploited on April 11th, 2025 (7 days ago).
Description: A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. "The

CVSS: HIGH (8.1)

EPSS Score: 0.17%

Source: TheHackerNews
April 11th, 2025 (7 days ago)

🚨 Marked as known exploited on April 10th, 2025 (7 days ago).
Description: Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. [...]
Source: BleepingComputer
April 10th, 2025 (7 days ago)

CVE-2025-3102

🚨 Marked as known exploited on April 11th, 2025 (7 days ago).
Description: The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

CVSS: HIGH (8.1)

EPSS Score: 0.17%

Source: CVE
April 10th, 2025 (8 days ago)