WordPress Plugins Security Vulnerabilities

April 2025

As WordPress continues to dominate the web, powering over 40% of all websites, it remains a prime target for cyberattacks. April 2025 has seen a surge in plugin vulnerabilities, with several high-severity flaws actively exploited in the wild. This report highlights the top five critical vulnerabilities disclosed this month, urging site administrators to take immediate action.

1. OttoKit (SureTriggers) – Admin Account Creation via Auth Bypass (CVE-2025-3102)

  • Severity: High (CVSS 8.1)

  • Impact: Unauthorized creation of administrator accounts

  • Status: Patched in version 1.0.79

  • Active Exploitation: Yes

A critical vulnerability in the OttoKit plugin (formerly SureTriggers), affecting versions up to 1.0.78, allows unauthenticated attackers to create administrator accounts by exploiting a missing check on the ‘secret_key’ parameter. This flaw has been actively exploited within hours of disclosure, with attackers using usernames like “xtw1838783bc” and “test123123” to gain control over affected sites. Site owners are urged to update to version 1.0.79 immediately and audit their user accounts for any unauthorized additions.
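The account audit the paragraph above calls for can be scripted against WP-CLI output. The following POSIX shell check is an added example, not code from the bulletin or from the OttoKit project: it reads rows in the shape `wp user list --role=administrator --fields=user_login,user_registered --format=csv` prints, flags any administrator whose login exactly matches one of the usernames the report associates with the exploitation campaign, and flags any administrator registered on or after a cutoff date you supply. The sample account list embedded below is constructed for illustration and does not come from a real site.

```shell
#!/bin/sh
# Added example (not part of the bulletin): audit administrator accounts after
# the OttoKit disclosure. Input rows follow the CSV shape produced by
#   wp user list --role=administrator --fields=user_login,user_registered --format=csv

# Usernames the bulletin reports being used against vulnerable sites; an
# exact-match watchlist, extend it from your own logs as needed.
KNOWN_LOGINS='xtw1838783bc test123123'

# Constructed sample data standing in for real WP-CLI output.
SAMPLE_ADMINS='user_login,user_registered
siteowner,2021-06-02 09:14:33
xtw1838783bc,2025-04-11 03:27:50
editor_jane,2024-11-20 14:02:11'

# flag_admins CUTOFF_DATE  (reads CSV on stdin)
#   Prints "WATCHLIST <login>" for an exact watchlist match and
#   "RECENT <login> <registered>" for accounts registered on or after
#   CUTOFF_DATE (YYYY-MM-DD). WP-CLI prints "YYYY-MM-DD HH:MM:SS", so the
#   date prefix compares correctly as a plain string via expr.
flag_admins() {
    cutoff="$1"
    while IFS=, read -r login registered; do
        if [ "$login" = "user_login" ] || [ -z "$login" ]; then
            continue   # skip the CSV header and blank lines
        fi
        for known in $KNOWN_LOGINS; do
            if [ "$login" = "$known" ]; then
                echo "WATCHLIST $login"
            fi
        done
        regdate="${registered%% *}"   # keep only the YYYY-MM-DD part
        if expr "$regdate" \>= "$cutoff" >/dev/null; then
            echo "RECENT $login $registered"
        fi
    done
    return 0
}

# Example run against the constructed sample, using the day before the
# disclosure window as the cutoff:
printf '%s\n' "$SAMPLE_ADMINS" | flag_admins 2025-04-09
```

A hit on either line does not by itself prove compromise; it is the shortlist to verify against your own records of who created which account and when. On a live site, replace the sample with `wp user list --role=administrator --fields=user_login,user_registered --format=csv | flag_admins 2025-04-09`.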

2. Greenshift – Arbitrary File Upload Vulnerability

  • Severity: Critical

  • Impact: Remote code execution via arbitrary file uploads

  • Status: Patched

  • Active Exploitation: Yes

The Greenshift plugin, installed on over 50,000 WordPress sites, was found to have a vulnerability that permits unauthenticated users to upload arbitrary files, potentially leading to remote code execution. This flaw has been actively exploited, compromising numerous websites. A patch has been released, and administrators are strongly advised to update their plugins without delay.

3. WordPress Automatic Plugin – Unauthenticated Arbitrary SQL Execution (CVE-2024-27956)

  • Severity: Critical (CVSS 9.9)

  • Impact: Execution of arbitrary SQL queries

  • Status: Patched

  • Active Exploitation: Yes

A severe vulnerability in the WordPress Automatic Plugin, affecting versions up to 3.92.0, allows unauthenticated attackers to execute arbitrary SQL queries via a vulnerable authentication mechanism in the CSV export feature. This flaw has been actively exploited, with over 6,500 attempts blocked by security services. Users should ensure they have updated to the latest version to mitigate this risk.

4. Startklar Elementor Addons – Unauthenticated Arbitrary File Upload (CVE-2024-4345)

  • Severity: Critical (CVSS 10.0)

  • Impact: Remote code execution through malicious file uploads

  • Status: Patched

  • Active Exploitation: Yes

The Startklar Elementor Addons plugin, in versions up to 1.7.13, contains a vulnerability that allows unauthenticated users to upload files without proper validation, leading to potential remote code execution. Security services have deployed virtual patches to protect users, but it’s imperative to update the plugin to the latest version to ensure complete security.

5. Ally – Web Accessibility & Usability Plugin – Unpatched Vulnerability

  • Severity: High

  • Impact: Potential unauthorized access or data manipulation

  • Status: Unpatched

  • Active Exploitation: Unknown

The Ally plugin, designed to enhance web accessibility, has been identified with a high-severity vulnerability that remains unpatched. While specific details are limited, the lack of a security update poses a significant risk. Administrators using this plugin should consider deactivating it until a patch is released or seek alternative solutions to maintain site accessibility.

Recommendations for Site Administrators

  1. Immediate Updates: Ensure all plugins, especially those listed above, are updated to their latest versions.

  2. Audit User Accounts: Regularly review user accounts for any unauthorized additions or changes.

  3. Implement Security Plugins: Utilize reputable security plugins that offer firewall protection and malware scanning.

  4. Regular Backups: Maintain regular backups of your website to facilitate recovery in case of a security breach.

  5. Stay Informed: Subscribe to security bulletins and vulnerability databases to stay updated on the latest threats.
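Recommendation 1 is easy to check mechanically once the affected version ceilings from this report are written down. The POSIX shell script below is an added example, not code from the bulletin or from any of the plugin vendors: it reads rows in the shape `wp plugin list --fields=name,version --format=csv` prints, compares each installed version against the highest version the report lists as vulnerable, and names the plugins that still need updating. Greenshift is omitted because the report gives no version number for it. The plugin slugs in the table and in the sample inventory are constructed placeholders; substitute the slugs `wp plugin list` shows on your own site.

```shell
#!/bin/sh
# Added example (not part of the bulletin): flag plugins whose installed
# version is still at or below the highest vulnerable version this report
# names. Input rows follow the CSV shape produced by
#   wp plugin list --fields=name,version --format=csv

# "<slug> <highest vulnerable version>" per line, ceilings from the bulletin.
# Slugs are placeholders; replace with the slugs your wp plugin list prints.
VULNERABLE_CEILINGS='ottokit 1.0.78
wp-automatic 3.92.0
startklar-addons 1.7.13'

# Constructed sample inventory standing in for real WP-CLI output.
SAMPLE_INVENTORY='name,version
ottokit,1.0.78
wp-automatic,3.92.0
startklar-addons,1.7.14
hello-dolly,1.7.2'

# version_le A B: succeed (exit 0) when dotted numeric version A <= B.
# Components are compared as integers, missing components count as 0,
# so 1.0 and 1.0.0 compare equal. Non-numeric components are not handled.
version_le() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x="${a%%.*}"; a="${a#*.}"
        y="${b%%.*}"; b="${b#*.}"
        x="${x:-0}"; y="${y:-0}"
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 0
}

# flag_outdated  (reads CSV on stdin)
#   Prints "UPDATE <slug> <installed> (vulnerable through <ceiling>)" for every
#   plugin in the ceiling table whose installed version is not past the ceiling.
flag_outdated() {
    while IFS=, read -r name version; do
        if [ "$name" = "name" ] || [ -z "$name" ]; then
            continue   # skip the CSV header and blank lines
        fi
        ceiling="$(printf '%s\n' "$VULNERABLE_CEILINGS" | awk -v n="$name" '$1 == n { print $2 }')"
        if [ -z "$ceiling" ]; then
            continue   # plugin not in this report's table
        fi
        if version_le "$version" "$ceiling"; then
            echo "UPDATE $name $version (vulnerable through $ceiling)"
        fi
    done
    return 0
}

# Example run against the constructed sample inventory:
printf '%s\n' "$SAMPLE_INVENTORY" | flag_outdated
```

Against the sample, the OttoKit and WordPress Automatic rows are flagged because they sit exactly at the ceilings the report gives (1.0.78 and 3.92.0), while the Startklar row at 1.7.14 is already past 1.7.13 and is left alone. On a live site, pipe `wp plugin list --fields=name,version --format=csv` into `flag_outdated` instead of the sample.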

Staying proactive and vigilant is crucial in safeguarding your WordPress site against emerging threats. Regular maintenance, timely updates, and informed security practices can significantly reduce the risk of exploitation.