• WordPress plugin auth bypass exploited almost immediately after d

    From TechnologyDaily@1337:1/100 to All on Fri Apr 11 10:30:07 2025
    WordPress plugin auth bypass exploited almost immediately after disclosure

    Date:
    Fri, 11 Apr 2025 09:29:00 +0000

    Description:
    Just hours after a bug were disclosed, hackers started scanning for
    vulnerable instances.

    FULL STORY ======================================================================A bug
    in OttoKit allows threat actors to create new admin accounts The bug can lead to full website takeover More than 100,000 websites are at risk

    Almost immediately after being disclosed to the public, a vulnerability in a WordPress plugin was used in an attack, security researchers have warned.

    Earlier this week, security outfit Wordfence disclosed an authentication bypass in OttoKit, the all-in-one workflow authentication platform. The vulnerability is tracked as CVE-2025-3102 , and was given a severity score 8.1/10 (high).

    It affects all versions of the plugin up to 1.0.78, and allows threat actors to create new administrator accounts without authentication. The accounts can then be used for full website takeover, posing immense risk for hundreds of thousands of WordPress-powered websites using this plugin. The WordPress website showed 100,000+ active installations."

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Hours to attack

    The first clean version is 1.0.79 although at the moment, version 1.0.80 is available for download. Users are advised to upgrade their plugin to the newest version as soon as possible, especially since in-the-wild abuse was already observed.

    According to Patchstack, the first attempts at exploiting the flaw were
    logged just hours after the flaw was disclosed, BleepingComputer reported.

    Attackers were quick to exploit this vulnerability, with the first recorded attempt occurring just four hours after it was added as a vPatch to our database, reports Patchstack. This swift exploitation highlights the critical need to apply patches or mitigations immediately upon the public disclosure
    of such vulnerabilities, the researchers said.

    To make matters worse, there is evidence pointing to the attacks being automated, meaning thousands of websites could quickly be compromised.

    OttoKit is an all-in-one workflow automation platform designed to connect applications, services, and WordPress plugins. It allows users to automate repetitive tasks and streamline business processes. It was formerly known as SureTriggers, and supports integration with more than 1,000 apps.

    WordPress plugins and themes are almost constantly being scanned for vulnerabilities. Website owners are advised to uninstall and disable all the ones theyre not using at any given moment, and keep the ones they do up to date.

    Via BleepingComputer You might also like Another serious WordPress plugin vulnerability could put 40,000 sites at risk of attack Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wordpress-plugin-auth-bypass-exploited- almost-immediately-after-disclosure


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)