Ottokit
Unauthenticated PHP Object Injection in the OttoKit WordPress plugin (formerly SureTriggers), versions 1.1.27 and earlier, allows remote attackers to deserialize attacker-controlled PHP objects on any site running the plugin. With a CVSS score of 9.8 (AV:N/AC:L/PR:N/UI:N) and a CWE-502 (deserialization of untrusted data) root cause, successful exploitation can lead to full code execution, data theft, or site takeover when a suitable POP gadget chain is present in WordPress core or another installed plugin. No public exploit was identified at the time of analysis, and the vulnerability is not currently listed in CISA KEV.
Blind SQL injection in Brainstorm Force OttoKit (WordPress plugin slug: suretriggers), versions up to 1.1.20, allows attackers with high-level administrative privileges to extract sensitive database information and potentially cause service disruptions. The CVSS 7.6 severity is driven by the changed scope (container escape to the underlying WordPress database). An EPSS score of 0.02% (6th percentile) indicates a very low observed exploitation probability. No public exploit was identified at the time of analysis, and no CISA KEV listing confirms active exploitation.