WordPress Hacked: Cybercriminals Can Create Extra Admin Accounts!

Major vulnerability alert: WordPress sites are being hacked once again through a vulnerable plugin. The CyberFlow team has identified a pattern of hacking attacks stemming from the OttoKit plugin.

Formerly known as SureTriggers, OttoKit is installed on over 100,000 WordPress websites. It allows logged-in users to connect the site to third-party services (such as currency exchange rates, weather apps, etc.) and automate workflows.

How Is the WordPress Plugin Hacked?

The breach is possible due to a vulnerability in the OttoKit plugin. Hackers have identified a logic error in one of the plugin’s functions and use the plugin’s API to gain administrator rights on the website.

The logic error occurs in the “create_wp_connection” function, allowing anyone to bypass authentication checks when no application passwords are set.

What Can Hackers Do with this WordPress Exploit?

After bypassing the authentication checks, the malicious actors behind this new WordPress attack are free to add new admin roles to the backend of the site. This means that they can:

  • Change passwords to log into the website backend
  • Revoke administrator privileges from other users
  • Delete other users

Essentially, they take control of the breached website. They can change its contents, add malicious links, and launch phishing campaigns. The first victims will be your regular website visitors and clients, leading to severe reputation loss and financial damages.

OttoKit WordPress Plugin Developers Release Patch

The good news is that you don’t have to worry about this new WordPress hack. The developers of the vulnerable plugin were made aware of the issue and provided a solution. They released a patch the next day, which includes a validation check for the respective access key.

Most users of the plugin received forced updates. However, there may still be vulnerable sites, so make sure that you update OttoKit to version 1.0.83, which contains the patch.
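
To check a site after updating, the following added example (not from the article or the plugin's developers) audits WP-CLI JSON output from `wp plugin list --format=json` and `wp user list --role=administrator --format=json`. It flags OttoKit installs below 1.0.83 and administrator accounts that are missing from a known-good list or were registered on or after a chosen date. The plugin directory names, the allowlist, the cutoff date and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

PATCHED = (1, 0, 83)  # patched OttoKit release named in the article
PLUGIN_SLUGS = {"suretriggers", "ottokit"}  # assumed plugin directory names

# Constructed sample data in the shape WP-CLI prints with --format=json.
SAMPLE_PLUGINS = json.dumps([
    {"name": "suretriggers", "status": "active", "update": "available", "version": "1.0.82"},
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
])
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2021-03-02 10:00:00"},
    {"ID": 57, "user_login": "constructed-new-admin", "user_registered": "2025-05-06 03:14:07"},
])

def parse_version(text):
    """Turn '1.0.82' into (1, 0, 82); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def vulnerable_plugins(plugins_json):
    """Return (slug, version) for OttoKit installs older than the patched release."""
    return [(p["name"], p["version"]) for p in json.loads(plugins_json)
            if p["name"] in PLUGIN_SLUGS and parse_version(p["version"]) < PATCHED]

def suspicious_admins(users_json, known_admins, since):
    """Return admin logins not on the allowlist or registered on/after `since`."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    flagged = []
    for user in json.loads(users_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if user["user_login"] not in known_admins or registered >= cutoff:
            flagged.append(user["user_login"])
    return flagged

if __name__ == "__main__":
    for slug, version in vulnerable_plugins(SAMPLE_PLUGINS):
        print(f"UPDATE NEEDED: {slug} {version} is older than 1.0.83")
    # The allowlist and cutoff date are operator-supplied assumptions.
    for login in suspicious_admins(SAMPLE_USERS, {"siteowner"}, "2025-04-01"):
        print(f"REVIEW ADMIN ACCOUNT: {login}")
```

Any flagged administrator should be reviewed by the site owner before removal, since a legitimate account created recently will also appear in the list.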

Keep Your Website Safe from WordPress Plugin Issues with CyberFlow!

Safeguarding your website against hackers is a specialised full-time job. A job which the CyberFlow cybersecurity team can easily take off your hands.

Focus on running your business, while we make sure that your website is secure and safe for all visitors. Contact us today and benefit from the most advanced cybersecurity solutions!