OttoKit WordPress plugin has a serious security flaw, thousands of users possibly affected
It's the second major bug found in OttoKit this month

- The OttoKit plugin was vulnerable to a critical flaw that allows the creation of new admin accounts
- It was patched in late April 2025, so users should update now
- Threat actors are looking for exposed websites
OttoKit, a popular automation WordPress plugin, is vulnerable to a critical-severity flaw that allows threat actors to take over entire websites.
The bug is described as an incorrect privilege assignment flaw in Brainstorm Force's OttoKit that allows privilege escalation. It affects all versions of the automation plugin before 1.0.83, which was released on April 21, 2025. It is tracked as CVE-2025-27007 and carries a CVSS score of 9.8/10 (critical).
In theory, threat actors could send a crafted POST request to a vulnerable REST API endpoint exposed by OttoKit, containing automation data that mimics internal plugin logic. Due to missing validation, OttoKit would fail to properly authenticate the request, and since the automation logic runs with elevated privileges, the threat actors are ultimately allowed to create a new user account and assign it the administrator role.
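To make the bug class concrete, here is an added illustration written for this page; it is not OttoKit's code and not Brainstorm Force's, and the REST namespace, route names and function names are invented. It shows a WordPress REST route whose permission callback accepts every request, so the privileged action behind it runs for an anonymous caller, beside a hardened registration that authenticates and authorises first and does not let the request choose the role.

```php
<?php
// Added illustration of the bug class, not OttoKit's code.
// Namespace, route and function names are invented for the example.

// VULNERABLE: the permission callback accepts every request, so an
// unauthenticated POST to /wp-json/example-automation/v1/run-action
// reaches the callback with no user context at all.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-automation/v1', '/run-action', array(
        'methods'             => 'POST',
        'callback'            => 'example_run_action',
        'permission_callback' => '__return_true', // no authentication
    ) );
} );

// wp_insert_user() and WP_User::set_role() write to the database
// regardless of who (if anyone) is logged in, so "internal" automation
// logic reachable from this callback is effectively running as root.
function example_run_action( WP_REST_Request $request ) {
    $action = (string) $request->get_param( 'action' );
    $data   = (array) $request->get_param( 'data' );

    if ( 'create_user' === $action ) {
        $user_id = wp_insert_user( array(
            'user_login' => sanitize_user( $data['login'] ?? '' ),
            'user_pass'  => (string) ( $data['password'] ?? '' ),
            'user_email' => sanitize_email( $data['email'] ?? '' ),
        ) );
        if ( is_wp_error( $user_id ) ) {
            return $user_id;
        }
        // Role taken from the request: 'administrator' means full takeover.
        $user = new WP_User( $user_id );
        $user->set_role( sanitize_key( $data['role'] ?? 'subscriber' ) );
        return rest_ensure_response( array( 'id' => $user_id ) );
    }
    return new WP_Error( 'unknown_action', 'Unknown action', array( 'status' => 400 ) );
}

// HARDENED: authorise before any privileged work. An anonymous REST caller
// has no capabilities, and a cookie-authenticated caller must also send a
// valid X-WP-Nonce header or WordPress treats the request as anonymous.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-automation/v1', '/run-action-safe', array(
        'methods'             => 'POST',
        'callback'            => 'example_run_action_safe',
        'permission_callback' => function () {
            return current_user_can( 'create_users' );
        },
    ) );
} );

function example_run_action_safe( WP_REST_Request $request ) {
    $action = (string) $request->get_param( 'action' );
    $data   = (array) $request->get_param( 'data' );

    if ( 'create_user' === $action ) {
        $user_id = wp_insert_user( array(
            'user_login' => sanitize_user( $data['login'] ?? '' ),
            'user_pass'  => (string) ( $data['password'] ?? '' ),
            'user_email' => sanitize_email( $data['email'] ?? '' ),
            'role'       => 'subscriber', // fixed; never taken from the request
        ) );
        if ( is_wp_error( $user_id ) ) {
            return $user_id;
        }
        // Promotion is a separate, separately authorised step.
        if ( ! empty( $data['promote'] ) && current_user_can( 'promote_users' ) ) {
            ( new WP_User( $user_id ) )->set_role( 'editor' );
        }
        return rest_ensure_response( array( 'id' => $user_id ) );
    }
    return new WP_Error( 'unknown_action', 'Unknown action', array( 'status' => 400 ) );
}
```

The two things that matter are in the route registration, not the callback: `permission_callback` must actually check a capability, and the role a new account receives must be decided by the plugin, not by the request body. Note that `'__return_true'` is exactly what WordPress's own documentation tells you to use only for endpoints that are meant to be public.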
OttoKit, formerly known as SureTriggers, is designed to connect websites with various third-party services and enable workflow automation without coding.
It supports integrations with platforms like WooCommerce, Mailchimp, Google Sheets, and CRMs, allowing users to run tasks such as sending emails, updating user roles, or syncing data across apps.
The plugin has more than 100,000 users, and most of them have applied the patch already. Still, security researchers at Patchstack said they observed exploitation in the wild beginning almost immediately after the flaw was publicly disclosed.
"It is strongly recommended to update your site as soon as possible if you are using the OttoKit plugin, and to review your logs and site settings for these indicators of attack and compromise," Patchstack said.
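As an added example of the kind of review Patchstack is recommending (this is not Patchstack's or OttoKit's tooling), the following script can be run with WP-CLI from the site root using `wp eval-file find-new-admins.php`. It checks the installed plugin version against 1.0.83, the fixed release named above, and lists every administrator account, flagging those registered after the release date. The cut-off date and the script's file name are assumptions; the plugin is located by the names given on this page (OttoKit, SureTriggers) rather than by a slug, since the page does not give one.

```php
<?php
// Added post-advisory check, not Patchstack's or OttoKit's code.
// Run with:  wp eval-file find-new-admins.php
// Assumption: the site was patched on the 1.0.83 release day; if it was
// exposed for longer, move $cutoff back accordingly.
$cutoff        = '2025-04-21 00:00:00';
$fixed_version = '1.0.83';

// 1. Is the plugin still on a vulnerable version?
require_once ABSPATH . 'wp-admin/includes/plugin.php';
foreach ( get_plugins() as $file => $info ) {
    // Match by the display names this advisory uses; the slug is not given.
    if ( false === stripos( $info['Name'], 'OttoKit' )
        && false === stripos( $info['Name'], 'SureTriggers' ) ) {
        continue;
    }
    $state = version_compare( $info['Version'], $fixed_version, '<' ) ? 'VULNERABLE' : 'ok';
    printf( "%s\t%s %s\t[%s]\n", $state, $info['Name'], $info['Version'], $file );
}

// 2. Who is an administrator, and when was each account created?
// An attacker can also promote an existing low-privilege account, so every
// administrator is printed; recently registered ones are flagged with "!!".
$admins  = get_users( array( 'role' => 'administrator', 'orderby' => 'registered' ) );
$suspect = array();
printf( "\n%-4s %-6s %-24s %-32s %s\n", '', 'ID', 'login', 'email', 'registered (UTC)' );
foreach ( $admins as $user ) {
    $recent = strtotime( $user->user_registered ) >= strtotime( $cutoff );
    if ( $recent ) {
        $suspect[] = $user->user_login;
    }
    printf( "%-4s %-6d %-24s %-32s %s\n",
        $recent ? '!!' : '',
        $user->ID, $user->user_login, $user->user_email, $user->user_registered );
}
printf( "\n%d administrator(s), %d registered since %s\n",
    count( $admins ), count( $suspect ), $cutoff );
```

A flagged account is not proof of compromise on its own; compare it against legitimate onboarding and against the web server's access log for POST requests to `/wp-json/` paths around the registration timestamp. The script reports the state only and changes nothing, so it is safe to run while evidence is still being collected.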
This is the second major vulnerability in OttoKit found this month, after CVE-2025-3102, another authentication bypass flaw, which was given a “high” severity score of 8.1/10.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.