Critical Security Flaw in OttoKit Actively Exploited

A critical security flaw affecting OttoKit (formerly SureTriggers) is being actively exploited just hours after its public disclosure. This vulnerability, listed under the number CVE-2025-3102 with a CVSS score of 8.1, is an authorization bypass bug that allows an attacker to create administrator accounts under certain conditions and take control of vulnerable websites.