#WordPress: authentication bypass #vulnerability CVE-2025-3102 in #OttoKit plugin installed on 100,000+ websites is under active exploitation allowing attackers to perform full website takeover:
👇
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/
Sam Stepanyan :verified: 🐘 /
npub18d…rltg5
2025-04-12 08:59:02
Author Public Key
npub18d0arwv295u03fd825dvn5eharfx25rtrkemffxnar9dzn82drtssrltg5Published at
2025-04-12 08:59:02Event JSON
{
"id": "54e8e7aa335cd66704d79de602df80f529cd324aa881ad60e9af9f838bf63f7b",
"pubkey": "3b5fd1b98a2d38f8a5a7551ac9d337e8d265506b1db3b4a4d3e8cad14cea68d7",
"created_at": 1744448342,
"kind": 1,
"tags": [
[
"t",
"wordpress"
],
[
"t",
"vulnerability"
],
[
"t",
"ottokit"
],
[
"proxy",
"https://infosec.exchange/users/securestep9/statuses/114324166574126279",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.mostr.pub"
]
],
"content": "#WordPress: authentication bypass #vulnerability CVE-2025-3102 in #OttoKit plugin installed on 100,000+ websites is under active exploitation allowing attackers to perform full website takeover:\n👇\nhttps://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/",
"sig": "c1238781dd6709b8ae42874134e93ee67f332d53196015774583025d5bba1a0906ffa2043c893ba7ccede473d29873b37cd5461c4c4032e66d7a4d7db9dc8030"
}