- A flaw in Ottokit lets threat actors create new administrator accounts
- The flaw can lead to a complete takeover of the website
- More than 100,000 websites are at risk
Almost immediately after it was publicly disclosed, a vulnerability in a WordPress plugin was used in attacks, security researchers have warned.
Earlier this week, the Wordfence security team disclosed an authentication bypass in Ottokit, an all-in-one workflow automation platform. The vulnerability is tracked as CVE-2025-3102 and received a CVSS severity score of 8.1/10 (High).
It affects all plugin versions up to and including 1.0.78, and allows threat actors to create new administrator accounts without authentication. The bypass works on sites where the plugin is installed and activated but has not yet been configured with an API key, which is exactly the state a freshly installed plugin sits in. The rogue accounts can then be used for a complete takeover of the site, an enormous risk for the WordPress sites running this plugin: the WordPress plugin directory lists "more than 100,000 active installations."
Hours to attack
The first patched version is 1.0.79, although at the time of writing version 1.0.80 is available for download. Users are advised to update the plugin to the latest version as soon as possible, especially since in-the-wild exploitation has already been observed.
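Updating closes the hole, but it does not remove an administrator account that an attacker created before the update landed. The script below is an added example written for this article (it is not code from the article, Wordfence, Patchstack or Ottokit): it checks an installed version string against the 1.0.79 fix boundary the article gives, and runs the query a responder would run against a WordPress database to list administrator accounts registered after a chosen cutoff. The table layout is standard WordPress (`wp_users` / `wp_usermeta` with PHP-serialized `wp_capabilities`); the database, the rows in it and the cutoff date are constructed so the script runs offline. Point the same query at the real MySQL database (adjusting the table prefix if it is not `wp_`) and use the date you learned of the advisory as the cutoff.

```python
"""Post-disclosure triage for a WordPress site running the Ottokit plugin:
(1) is the installed version in the affected range, and
(2) have any administrator accounts appeared since a cutoff date?

Added example, not code from the article or from any vendor. Assumptions:
the version boundary (<= 1.0.78 affected, 1.0.79 first fix) comes from the
article; the schema is stock WordPress with the default "wp_" prefix; all rows
and the cutoff date below are constructed sample data.
"""
import sqlite3

FIRST_FIXED = "1.0.79"  # first patched release per the article


def parse_version(v: str) -> tuple:
    """'1.0.78' -> (1, 0, 78). Non-numeric suffixes ('1.0.78-beta') are ignored;
    missing components are padded with 0 so '1.0' compares as (1, 0, 0)."""
    parts = []
    for piece in v.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(installed: str) -> bool:
    """True for every release below the first fixed version, i.e. 1.0.78 and earlier."""
    return parse_version(installed) < parse_version(FIRST_FIXED)


# Stock WordPress layout for the two tables the audit needs.
SCHEMA = """
CREATE TABLE wp_users (
    ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (
    umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
"""

# Constructed sample rows: two long-standing accounts and one administrator that
# appeared after the cutoff. WordPress stores roles as a PHP-serialized array.
SAMPLE_USERS = [
    (1, "siteowner", "owner@example.com", "2023-02-14 09:12:00"),
    (2, "editor_jane", "jane@example.com", "2024-06-01 08:00:00"),
    (3, "wpadmin_sync", "noreply@example.net", "2025-04-11 03:47:19"),
]
SAMPLE_META = [
    (1, 1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, 2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
    (3, 3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]

# The audit query itself. meta_key uses the table prefix: change 'wp_capabilities'
# to '<prefix>capabilities' if the site does not use the default 'wp_' prefix.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
  AND u.user_registered >= ?
ORDER BY u.user_registered
"""


def build_sample_db() -> sqlite3.Connection:
    """In-memory stand-in for the site's MySQL database, filled with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?, ?)", SAMPLE_META)
    return conn


def recent_admins(conn: sqlite3.Connection, since: str) -> list:
    """Administrator accounts registered at or after `since` ('YYYY-MM-DD HH:MM:SS')."""
    columns = ("ID", "user_login", "user_email", "user_registered")
    return [dict(zip(columns, row)) for row in conn.execute(ADMIN_QUERY, (since,))]


if __name__ == "__main__":
    installed = "1.0.78"                 # constructed: read the real value from the plugin header
    cutoff = "2025-04-01 00:00:00"       # constructed: use the date you learned of the advisory
    print(f"Ottokit {installed}: {'AFFECTED, update now' if is_vulnerable(installed) else 'patched'}")
    for admin in recent_admins(build_sample_db(), cutoff):
        print("administrator registered after cutoff:", admin)
```

Every account the second check returns needs to be explained; an administrator nobody recognises, registered in the hours after disclosure, is the footprint of exactly the attack described above, and the site should be treated as compromised (rotate credentials, salts and API keys, review recently modified files) rather than merely updated.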
According to Patchstack, the first attempts to exploit the flaw were recorded only "hours" after it was disclosed, BleepingComputer reported.
"Attackers moved quickly to exploit this vulnerability, with the first recorded attempt occurring only four hours after the vPatch was added to our database," Patchstack reports. "This rapid exploitation highlights the critical need to apply patches or mitigations immediately after the public disclosure of such vulnerabilities," the researchers said.
To make matters worse, there is evidence pointing to automated attacks, which means thousands of websites could be compromised in a short time.
Ottokit is an all-in-one workflow automation platform designed to connect applications, services and WordPress plugins. It lets users automate repetitive tasks and streamline business processes. Previously known as SureTriggers, it supports integration with more than 1,000 applications.
WordPress plugins and themes are being scanned for vulnerabilities almost constantly. Site owners are advised to uninstall or disable any plugins they are not using, and to keep the ones they do use up to date.
Via BleepingComputer