Security advisory: Critical authentication bypass vulnerability in the OttoKit (SureTriggers) WordPress plugin (fixed in 1.0.78)

Agencify

A critical security vulnerability has been identified and actively exploited in the OttoKit WordPress plugin, formerly known as SureTriggers. This flaw poses a severe risk to any websites using the affected versions, allowing unauthenticated attackers to bypass security checks and potentially create new, unauthorized administrative user accounts.

For all Agencify customers utilizing WordPress hosting, immediate action is required. We are prioritizing this advisory to ensure the security and continuity of your digital assets.

The critical vulnerability: Unauthenticated access and administrator creation

The vulnerability, assigned a severity rating of Critical, exists within the plugin’s integration and initial setup logic.

What happened and the impact

The flaw is technically classified as an Authentication Bypass vulnerability. In essence, it allows an unauthenticated, remote attacker to exploit a weakness in how the plugin handles user verification.

  • The Exploit: An attacker can send a crafted request that bypasses the standard login process. The setup flow it abuses, originally intended for legitimate integration setup, can be manipulated to create a new user account with full administrative privileges on the targeted WordPress site.
  • Rapid Exploitation: Security researchers reported that the vulnerability was actively exploited in the wild within four hours of the initial public disclosure. This rapid deployment of exploit code means that any site running the vulnerable versions is a current and high-priority target for automated attacks.
  • The Risk: A successful exploit grants the attacker total control over the website. This includes the ability to install malware, deface the site, steal user data, execute malicious code, or lock out legitimate owners, leading to catastrophic reputational damage and data loss.

Affected plugin and versions

This vulnerability specifically affects the following versions:

  • Plugin Name: OttoKit (formerly SureTriggers)
  • Vulnerable Versions: All versions prior to 1.0.78

The vendor released a patch shortly after the initial disclosure. It is imperative that all users running the plugin verify their current version immediately.

Immediate action required for Agencify customers

We strongly recommend that all Agencify customers who manage their own WordPress installations take the following actions immediately.

Step 1: Check your version and update immediately

The simplest and most secure course of action is to update the plugin to the fully patched version.

  1. Log in to your WordPress administrative dashboard.
  2. Navigate to the Plugins section.
  3. Locate OttoKit (or SureTriggers) in your list of installed plugins.
  4. If your version is less than 1.0.78, click the “Update Now” link immediately.

If you are not actively using the plugin, or if the update process fails, the alternative is to deactivate and delete the plugin immediately until you can confirm a clean installation of the patched version.

Step 2: Verify user accounts for unauthorized access

If you were running a vulnerable version, you must check your site for signs of compromise, as the primary goal of this exploit is to establish persistent administrative access.

  1. Navigate to Users in your WordPress dashboard.
  2. Review all accounts, looking for any unfamiliar or recently created user accounts, especially those with the Administrator role.
  3. Immediately delete any unauthorized user accounts. If the username or email is suspicious, proceed with deletion and change your own administrator password as a precaution.
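For sites administered from the command line, the two checks in Step 1 and Step 2 can be scripted. The following is an added example written for this advisory, not Agencify's or the plugin vendor's own tooling. It assumes WP-CLI is installed on the host and that the plugin's WP-CLI slug is `suretriggers` (the slug is not stated above; confirm it with `wp plugin list`). The sample user list is constructed for offline demonstration; on a live site, pipe the real `wp user list` output in and pass the earliest date you want reviewed.

```shell
#!/bin/sh
# Added example (not from the Agencify advisory). Assumptions: WP-CLI is
# available and the plugin slug is "suretriggers" (not stated in the advisory).

PATCHED_VERSION="1.0.78"   # first fixed version, per the advisory

# version_lt A B: exit 0 when dotted version A is numerically lower than B.
# Plain string comparison would rank "1.0.9" above "1.0.78", so compare
# segment by segment as integers.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        if [ -z "$ah" ]; then ah=0; fi
        if [ -z "$bh" ]; then bh=0; fi
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1   # versions are equal, so not lower
}

# plugin_needs_update VERSION: exit 0 when an installed OttoKit/SureTriggers
# version is still vulnerable (anything before 1.0.78).
plugin_needs_update() {
    version_lt "$1" "$PATCHED_VERSION"
}
# Live Step 1 check (run from the WordPress root; slug is an assumption):
#   plugin_needs_update "$(wp plugin get suretriggers --field=version)" && echo "UPDATE NOW"

# find_new_admins SINCE: read WP-CLI CSV (ID,user_login,user_email,user_registered)
# on stdin and print administrators registered on or after SINCE (YYYY-MM-DD).
# Live Step 2 check:
#   wp user list --role=administrator \
#      --fields=ID,user_login,user_email,user_registered --format=csv \
#      | find_new_admins 2025-01-01
find_new_admins() {
    since="$1"
    awk -F, -v since="$since" \
        'NR > 1 && substr($4, 1, 10) >= since { print $2 " <" $3 "> registered " $4 }'
}

# Constructed sample of what "wp user list --role=administrator --format=csv"
# returns; the second row is a made-up unfamiliar account to be reviewed.
SAMPLE_USERS='ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2023-03-02 10:15:00
7,wp_support_tmp,noreply@example.net,2025-01-01 04:12:33'

# count_new_admins SINCE: number of sample administrators registered since SINCE.
count_new_admins() {
    printf '%s\n' "$SAMPLE_USERS" | find_new_admins "$1" | wc -l | tr -d ' '
}

# Offline demonstration on the constructed data.
if plugin_needs_update "1.0.77"; then
    echo "1.0.77 is vulnerable: update to $PATCHED_VERSION"
fi
printf '%s\n' "$SAMPLE_USERS" | find_new_admins 2024-12-31
```

Any account the second check lists should be reviewed against your own records before deletion; the script only narrows the list to administrators created in the window you specify, it does not decide which ones are unauthorized.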

Step 3: Implement an immediate website backup

To ensure you have a clean point of recovery, execute a fresh, secure website backup immediately following the update/removal of the vulnerable plugin.

  • Agencify Cloud customers utilizing our integrated Website Backup services can execute a manual, on-demand backup through their hosting control panel.

Agencify commitment to security

At Agencify, the digital security of your assets is our paramount priority.

Managed hosting security

Our managed WordPress Hosting environment is equipped with proactive security monitoring and firewall protection. While our systems help filter out large-scale automated attacks, third-party software vulnerabilities require direct action from the website owner. We work continuously to ensure our core infrastructure remains secure, and we provide the robust, integrated Website Backup tools necessary for rapid recovery in the event of any security incident.

Agencify Xperts assistance

If your Enterprise or Agency requires specialized assistance with security auditing, vulnerability patching, or advanced forensic analysis following a potential exploit, Agencify Xperts offers labor-based digital technology services. Our specialists can provide expert guidance to:

  • Conduct a full security scan of your CMS database.
  • Verify the integrity of all core files, themes, and plugins.
  • Securely apply the patch and implement long-term hardening techniques.

Please contact Agencify Xperts support immediately if you suspect your site has been compromised or require assistance with the urgent mitigation steps outlined above.

Copyright © Agencify
