WordPress vulnerability exposes admin access

While WordPress site administrators were carrying out routine security maintenance, three critical vulnerabilities came to light that allow attackers to bypass authentication and seize administrative control of affected websites. Together these flaws expose over 100,000 sites to potential compromise, with exploitation observed within hours of public disclosure.

The OttoKit plugin vulnerability, designated CVE-2025-3102, represents the most severe threat among the identified issues. This critical flaw affects versions up to 1.0.78 of the formerly named CertainTriggers plugin, facilitating unauthorized admin account creation through an authorization bypass bug.

Critical authorization bypass in OttoKit plugin versions up to 1.0.78 enables attackers to create unauthorized admin accounts without proper authentication.

Attackers can exploit this vulnerability when the plugin has no API key configured; once they hold an administrator account they can upload arbitrary plugins, modify site code, and inject malware or spam content. The vulnerability was patched in version 1.0.79, released April 3, 2025.

The Motors WordPress theme contains a similarly dangerous privilege escalation flaw, cataloged as CVE-2025-4322, affecting versions up to 5.6.67. This vulnerability impacts over 22,000 websites, allowing unauthenticated attackers to change any user password, including administrator credentials.

Security researcher “Foxyyy” unearthed this flaw through Wordfence’s bug bounty program, prompting StylemixThemes to release a patched version on May 14, 2025. Cybersecurity analysts note that small businesses face particularly heightened risks from these WordPress vulnerabilities due to limited security resources and delayed patching schedules.

The WPC Admin Columns plugin presents another significant risk through CVE-2025-3418, affecting versions 2.0.6 to 2.1.0. This privilege escalation vulnerability allows attackers to elevate their privileges beyond what their assigned role permits, potentially compromising sites that use this popular admin table customization tool.

Successful exploitation of these vulnerabilities permits attackers to execute extensive site takeovers. Threat actors typically install backdoors, steal sensitive user data, redirect site traffic, modify download links to distribute malicious files, and conduct database exfiltration operations.

Security experts recommend immediate patching for affected plugins and themes, emphasizing that administrators should update OttoKit to version 1.0.79 or higher and upgrade Motors theme installations beyond version 5.6.67.

Additional remediation measures include auditing user roles and accounts post-update, enforcing API key configurations for OttoKit installations, and monitoring sites for unexpected administrative account creation or unauthorized password modifications.
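The two remediation steps above (checking that the affected components are at a patched version, and auditing accounts for unexpected administrators or password changes) can be turned into a repeatable post-update check. The script below is an added example written for this page; it is not code from the article or from the OttoKit, Motors or WPC Admin Columns projects. The affected version ranges are the ones the article quotes. The component slugs (`ottokit`, `motors`, `wpc-admin-columns`), the user records and the password hashes are assumptions constructed inline so the script runs offline; on a real site the same data would come from `wp plugin list --format=json`, `wp theme list --format=json` and `wp user list --format=json`, and the baseline would be a snapshot taken before the update.

```python
"""Post-update audit for the WordPress issues described in the article.

Added example, not the article's or the vendors' code. Component slugs,
sample users and hashes below are constructed for illustration.
"""
from __future__ import annotations

from typing import Callable

Version = tuple[int, ...]

# Affected ranges as stated in the article. Slugs are assumed, not the
# plugins' real directory names.
VULNERABLE: dict[str, Callable[[Version], bool]] = {
    "ottokit": lambda v: v < (1, 0, 79),                    # fixed in 1.0.79
    "motors": lambda v: v <= (5, 6, 67),                    # fixed after 5.6.67
    "wpc-admin-columns": lambda v: (2, 0, 6) <= v <= (2, 1, 0),
}


def parse_version(text: str) -> Version:
    """Turn '1.0.78' into (1, 0, 78) so tuples compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def vulnerable_components(installed: dict[str, str]) -> list[str]:
    """Return 'slug version' for every installed component still in an affected range."""
    hits = []
    for slug, version in installed.items():
        in_range = VULNERABLE.get(slug)
        if in_range and in_range(parse_version(version)):
            hits.append(f"{slug} {version}")
    return sorted(hits)


def audit_accounts(users: list[dict], baseline_admins: set[str],
                   baseline_hashes: dict[str, str]) -> list[tuple[str, str]]:
    """Flag administrators absent from the pre-update baseline and any user
    whose stored password hash differs from the baseline snapshot."""
    findings: list[tuple[str, str]] = []
    for user in users:
        login = user["user_login"]
        if "administrator" in user["roles"] and login not in baseline_admins:
            findings.append(("unexpected-admin", login))
        old_hash = baseline_hashes.get(login)
        if old_hash is not None and old_hash != user["user_pass"]:
            findings.append(("password-changed", login))
    return findings


# Constructed sample data: one legitimate admin, an editor whose hash changed,
# and an admin that is not in the baseline.
SAMPLE_INSTALLED = {
    "ottokit": "1.0.78",
    "motors": "5.6.68",
    "wpc-admin-columns": "2.0.9",
    "akismet": "5.3",
}
SAMPLE_USERS = [
    {"user_login": "site_owner", "roles": ["administrator"],
     "user_pass": "$P$B_owner_hash_constructed", "user_registered": "2023-01-10 09:00:00"},
    {"user_login": "editor_jane", "roles": ["editor"],
     "user_pass": "$P$B_jane_hash_NEW_constructed", "user_registered": "2024-06-02 14:20:00"},
    {"user_login": "wpsupport", "roles": ["administrator"],
     "user_pass": "$P$B_support_hash_constructed", "user_registered": "2025-04-04 02:13:55"},
]
BASELINE_ADMINS = {"site_owner"}
BASELINE_HASHES = {
    "site_owner": "$P$B_owner_hash_constructed",
    "editor_jane": "$P$B_jane_hash_OLD_constructed",
}


if __name__ == "__main__":
    for item in vulnerable_components(SAMPLE_INSTALLED):
        print("still vulnerable:", item)
    for kind, login in audit_accounts(SAMPLE_USERS, BASELINE_ADMINS, BASELINE_HASHES):
        print(f"{kind}: {login}")
```

The version check deliberately compares integer tuples rather than strings, so "1.0.78" sorts below "1.0.79" (a string comparison would also mis-order "5.6.7" against "5.6.67"). The account audit needs a baseline captured before the update; without one, a newly created administrator is indistinguishable from a legitimate one, which is why the article's advice to audit roles immediately after patching is worth following.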
