<ul><li>Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure.</li><li>The vulnerability, known as CVE-2025-3102, has a CVSS score of 8.1.</li><li>The flaw allows attackers to create malicious administrator users on unconfigured WordPress sites using the plugin.</li><li>Immediate updates are strongly advised, as over 100,000 sites are potentially affected.</li></ul>

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

Discover more