A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2025-27007 (CVSS score: 9.8), is a privilege escalation bug impacting all versions of the plugin prior to and including version 1.0.82. 
"This is due to the create_wp_connection() function missing a capability check and



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/05/ottokit-wordpress-plugin-with-100k.html