- A bug in OttoKit allows threat actors to create new administrator accounts
- The bug can lead to the complete takeover of the website
- More than 100,000 websites are at risk
Almost immediately after it was publicly disclosed, a vulnerability in a WordPress plugin was exploited in attacks, researchers have warned.
Earlier this week, the security outfit Wordfence revealed an authentication bypass in OttoKit, the all-in-one workflow automation platform. The vulnerability is tracked as CVE-2025-3102 and was given a severity score of 8.1/10 (high).
It affects all versions of the plugin up to 1.0.78 and allows threat actors to create new administrator accounts without authentication. Those accounts can then be used to take full control of the website, which poses a serious risk for the hundreds of thousands of WordPress-powered websites that use this plugin. The WordPress plugin page lists “more than 100,000 active installations”.
Hours to attack
The first clean version is 1.0.79, although version 1.0.80 is now available for download. Users are advised to upgrade the plugin to the latest version as soon as possible, especially since in-the-wild exploitation has already been observed.
According to Patchstack, the first attempts to exploit the flaw were recorded just “hours” after it was disclosed, BleepingComputer reported.
“The attackers quickly exploited this vulnerability, with the first recorded attempt occurring only four hours after it was added as a vPatch to our database,” Patchstack reported. “This rapid exploitation highlights the critical need to apply patches or mitigations immediately after the public disclosure of such vulnerabilities,” the researchers said.
To make matters worse, there is evidence that the attacks are automated, which means thousands of websites could be compromised quickly.
OttoKit is an all-in-one workflow automation platform designed to connect WordPress applications, services and plugins. It allows users to automate repetitive tasks and streamline business processes. It was previously known as SureTriggers and supports integrations with more than 1,000 applications.
WordPress plugins and themes are scanned for vulnerabilities almost constantly. Site owners are advised to uninstall and deactivate any they are no longer using, and to keep the ones they do use up to date.
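Two checks follow from the article: whether the installed plugin version is still in the affected range (up to 1.0.78, first fixed in 1.0.79), and whether any administrator accounts appeared around the disclosure date, since unauthenticated admin creation is exactly what the bug enables. The script below is an added example, not code from the article, Wordfence, Patchstack or the OttoKit project. It assumes the site's plugin and user lists have been exported with WP-CLI (`wp plugin list --format=json` and `wp user list --format=json`), whose field names it uses; the plugin slug `suretriggers`, the cutoff date and the sample records are constructed for illustration and should be replaced with the real export and the real disclosure date.

```python
import json
from datetime import datetime

# First version the article names as fixed; everything below it is affected.
FIRST_FIXED_VERSION = "1.0.79"

# Assumed plugin slug (check the "name" column of `wp plugin list` on your site).
OTTOKIT_SLUG = "suretriggers"

# Constructed sample of `wp plugin list --format=json` output (not real data).
PLUGINS_JSON = """[
  {"name": "suretriggers", "status": "active", "update": "available", "version": "1.0.78"},
  {"name": "akismet", "status": "active", "update": "none", "version": "5.3.2"}
]"""

# Constructed sample of `wp user list --format=json` output (not real data).
# WP-CLI emits roles as a comma-separated string, e.g. "administrator".
USERS_JSON = """[
  {"ID": 1, "user_login": "siteowner", "user_registered": "2023-05-02 10:11:12", "roles": "administrator"},
  {"ID": 2, "user_login": "editor1", "user_registered": "2024-01-15 08:00:00", "roles": "editor"},
  {"ID": 7, "user_login": "wp_support_tmp", "user_registered": "2025-04-10 14:22:05", "roles": "administrator"}
]"""

# Constructed cutoff standing in for the real disclosure date (assumption).
DISCLOSURE_CUTOFF = "2025-04-08 00:00:00"

WP_TIME = "%Y-%m-%d %H:%M:%S"


def parse_version(version):
    """Turn '1.0.78' into (1, 0, 78) so versions compare numerically.

    A plain string comparison would rank '1.0.9' above '1.0.79'; tuples do not.
    """
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(installed_version):
    """True when the installed version is below the first fixed release."""
    return parse_version(installed_version) < parse_version(FIRST_FIXED_VERSION)


def plugin_version(plugins, slug):
    """Return the installed version of the plugin with this slug, or None if absent."""
    for plugin in plugins:
        if plugin.get("name") == slug:
            return plugin.get("version")
    return None


def recent_admins(users, since):
    """Logins of administrator accounts registered at or after `since`.

    Accepts roles either as WP-CLI's comma-separated string or as a list.
    """
    cutoff = datetime.strptime(since, WP_TIME)
    flagged = []
    for user in users:
        roles = user.get("roles", "")
        if isinstance(roles, str):
            roles = [r.strip() for r in roles.split(",") if r.strip()]
        if "administrator" not in roles:
            continue
        registered = datetime.strptime(user["user_registered"], WP_TIME)
        if registered >= cutoff:
            flagged.append(user["user_login"])
    return flagged


def audit(plugins_json, users_json, since, slug=OTTOKIT_SLUG):
    """Combine both checks into one report dict."""
    plugins = json.loads(plugins_json)
    users = json.loads(users_json)
    version = plugin_version(plugins, slug)
    return {
        "plugin_installed": version is not None,
        "plugin_version": version,
        "plugin_vulnerable": bool(version) and is_vulnerable(version),
        "suspicious_admins": recent_admins(users, since),
    }


if __name__ == "__main__":
    report = audit(PLUGINS_JSON, USERS_JSON, DISCLOSURE_CUTOFF)
    if report["plugin_vulnerable"]:
        print(f"{OTTOKIT_SLUG} {report['plugin_version']} is affected; update to {FIRST_FIXED_VERSION} or later")
    for login in report["suspicious_admins"]:
        print(f"review administrator account created after cutoff: {login}")
```

An administrator account created after the cutoff is not proof of compromise on its own, but on a site that was running an affected version it is the first thing to check; any such account that nobody on the team recognises should be removed and the site examined for other persistence (unexpected plugins, modified theme files, extra cron entries).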
Via BleepingComputer