OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A critical flaw (CVE-2025-3102, CVSS 8.1) in the OttoKit (formerly SureTriggers) WordPress plugin allows attackers to create admin accounts if the plugin is active but not configured. It's being actively exploited. Users should update to version 1.0.79, check for suspicious admin accounts, and remove them immediately.