On May 2nd, 2025 the Wordfence Threat Intelligence team added a new critical vulnerability to the Wordfence Intelligence vulnerability database in the OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin publicly disclosed by a third-party CNA on April 30th, 2025. This vulnerability makes it possible for unauthenticated attackers to gain administrative level access to vulnerable sites, where the site has never used an application password nor connected to SureTriggers or by authenticated attackers with a valid application password.
The post Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation appeared first on Wordfence.
This article has been indexed from Blog – Wordfence