Attempted attacks detected within four hours.
Attacks exploited an authentication bypass vulnerability within hours of its public disclosure.
An authentication bypass vulnerability in OttoKit, identified as CVE-2025-3102, was disclosed by Wordfence after it paid a bug bounty to a researcher in March. A fix was released on April 3rd. CVE-2025-3102 allows attackers to create new administrator accounts without authentication.
However, researchers at WordPress security platform Patchstack warned that the first exploitation attempts in the wild were logged only a few hours after the disclosure of the flaw, as reported by Bleeping Computer.
Written by Dan Raywood, a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.