1. OttoKit (SureTriggers) – Admin Account Creation via Auth Bypass (CVE-2025-3102)

• Severity: Critical (CVSS 9.8)

• Impact: Complete site compromise, remote code execution.

• Status: Patched in latest update.

• Active Exploitation: Observed in the wild.3

A severe vulnerability was identified in the Crawlomatic plugin, which allows unauthenticated attackers to upload arbitrary files, leading to remote code execution. This flaw affects versions up to 2.6.8.1 and has been assigned a CVSS score of 9.8, indicating critical severity. Users are urged to update to the latest version immediately to mitigate potential exploitation.

2. Privilege Escalation in OttoKit Plugin (CVE-2025-3102)

• Severity: High

• Impact: Unauthorized administrative access, full control of affected sites.

• Status: Fixed in version 1.0.83.

• Active Exploitation: Actively exploited since early May 2025.

The OttoKit plugin, installed on over 100,000 websites, was found to have a logic error that permits unauthenticated users to create administrator-level accounts via its API. Exploitation of this vulnerability began as early as May 2, 2025, with mass attacks observed shortly thereafter. Administrators should update to version 1.0.83 to address this issue.

3. Unauthorized Admin Account Creation in Eventin Plugin (CVE-2025-47539)

• Severity: Critical

• Impact: High risk of unauthorized admin access.

• Status: Patched in version 4.0.27.

• Active Exploitation: Exploits detected, widespread attacks.

A critical flaw in the Eventin plugin allows attackers to create administrator accounts without authentication. The vulnerability stems from an unsecured REST API endpoint responsible for speaker imports. With over 10,000 websites using Eventin, the potential impact is significant. Updating to version 4.0.27 is essential to secure affected sites.

4. Cross-Site Request Forgery in ALT Monitoring Plugin (CVE-2025-4194)

• Severity: Medium

• Impact: Potential unauthorized changes, data compromise.

• Status: Plugin temporarily withdrawn pending security review.

• Active Exploitation: No confirmed exploits yet.

The ALT Monitoring plugin, up to version 1.0.3, contains a CSRF vulnerability due to missing nonce validation on its edit page. This flaw allows attackers to trick administrators into executing unauthorized actions, potentially compromising site integrity. The plugin has been temporarily removed pending a security review, and users are advised to deactivate it until a patched version is available.

5. Surge in Plugin Vulnerabilities

• Severity: Varies (medium to critical)

• Impact: Increased risk of exploitation across numerous plugins.

• Status: Partial patches; numerous plugins awaiting updates.

• Active Exploitation: Exploitation attempts observed across multiple plugins.

Reports indicate a significant increase in disclosed vulnerabilities within the WordPress ecosystem. For instance, between May 5 and May 11, 2025, 222 vulnerabilities were reported across 202 plugins and 2 themes . Similarly, another report highlighted 234 new vulnerabilities, with 92 remaining unpatched . This trend emphasizes the need for continuous monitoring and timely updates.