Security Bulletin: OttoKit WordPress Plugin Vulnerability, CVE-2025-27007

By Bruce Skillern

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured. This allows unauthenticated […]