Severity
High
Analysis Summary
A serious security issue was discovered in the OttoKit plugin for WordPress, previously known as SureTriggers. The plugin lets users connect tools such as WooCommerce, Mailchimp, and Google Sheets to automate tasks like sending emails or updating customer records without writing code. It is widely used, with installations on over 100,000 websites.
The problem, identified as CVE-2025-3102, was found in the plugin's authentication system. Specifically, the function responsible for verifying users through the REST API didn't properly check if a required security key was present. If the plugin wasn't set up with an API key, this security key would be empty. Attackers could exploit this by sending a request with an empty 'st_authorization' header, effectively bypassing the authentication check. This allowed them to gain unauthorized access to the site's API endpoints.
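The check described above, modelled as an added Python example (this is not the plugin's code; function names, the stored-key variable and the request shape are assumptions): the vulnerable pattern compares the header to the stored key without first confirming a key was ever configured, so an empty header matches an empty key, while the hardened version refuses unconfigured or empty credentials and compares in constant time.

```python
"""Model of the CVE-2025-3102 authentication flaw and a hardened check.

Constructed illustration of the pattern, not OttoKit's source. `stored_key`
stands for the API key the plugin keeps in its settings; `headers` holds the
request headers, including 'st_authorization'.
"""
import hmac
from typing import Callable, Dict, Optional


def vulnerable_verify(stored_key: Optional[str], header: Optional[str]) -> bool:
    """Flawed pattern: only checks that the header matches the stored value.
    With no API key configured, stored_key is '' and an empty header passes."""
    if header is None:
        return False
    return header == (stored_key or "")


def hardened_verify(stored_key: Optional[str], header: Optional[str]) -> bool:
    """Fixed pattern: a missing or empty configured key means nobody can
    authenticate; an empty or non-string header is rejected outright; the
    comparison is constant-time to avoid leaking the key through timing."""
    if not isinstance(stored_key, str) or not stored_key:
        return False
    if not isinstance(header, str) or not header:
        return False
    return hmac.compare_digest(header.encode("utf-8"), stored_key.encode("utf-8"))


def handle_request(
    verify: Callable[[Optional[str], Optional[str]], bool],
    stored_key: Optional[str],
    headers: Dict[str, str],
) -> int:
    """Return an HTTP-style status for a call to a protected REST endpoint."""
    header = headers.get("st_authorization")
    return 200 if verify(stored_key, header) else 401


if __name__ == "__main__":
    # Constructed request: plugin never configured, attacker sends empty header.
    unconfigured = ""
    empty_auth = {"st_authorization": ""}
    print("vulnerable:", handle_request(vulnerable_verify, unconfigured, empty_auth))
    print("hardened:  ", handle_request(hardened_verify, unconfigured, empty_auth))
```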
Hackers began exploiting the vulnerability just a few hours after it was made public. Security experts observed attempts to create new administrator accounts using random usernames and passwords, indicating automated attacks.
The rapid exploitation of this vulnerability highlights the need to apply patches or mitigations immediately after public disclosure. One of the observed exploitation attempts originated from the IP address 89.169.15.201 (IPv4), underscoring that attackers were already active and that swift action is required to protect affected sites.
Impact
- Unauthorized Access
- Authentication Bypass
Indicators of Compromise
CVE
CVE-2025-3102
Affected Vendors
- WordPress
Affected Products
- OttoKit: All-in-One Automation Platform (Formerly SureTriggers), versions through 1.0.78
Remediation
- Refer to WordPress Plugins Security Advisory for patch, upgrade, or suggested workaround information.
- Update the OttoKit/SureTriggers plugin to version 1.0.79 or later immediately.
- Review your website's user accounts and remove any unauthorized administrator accounts.
- Examine logs for unusual activities, such as unexpected plugin installations or changes to security settings.
- Ensure that the plugin is configured with a valid API key to prevent authentication bypass.
- Implement a Web Application Firewall (WAF) to block malicious requests targeting known vulnerabilities.
- Regularly monitor security advisories for updates on plugins and apply patches promptly.
- Consider using security plugins like Wordfence to enhance protection against exploits.
- Educate all administrators about the importance of timely updates and security best practices.