
OttoKit WordPress Plugin Exploited Due to Second Security Flaw
The WordPress plugin OttoKit (formerly SureTriggers), which has over 100,000 installations, is currently being exploited through a second security vulnerability. Tracked as CVE-2025-27007 (CVSS score: 9.8), it is a privilege escalation flaw affecting all versions of the plugin up to and including version 1.0.82. The flaw stems from a missing capability check in the create_wp_connection() function.
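To check whether an installation falls in the affected range, the sketch below reads the Version field from a plugin header and compares it numerically with 1.0.82; it is an added example, not code from the article or the plugin. The function names and sample headers are constructed for illustration, and the header text is assumed to come from the plugin's main PHP file, whose path the article does not give.

```python
import re

LAST_AFFECTED = "1.0.82"  # last affected release, per the article

# WordPress plugin metadata lives in "Field: value" lines of the header
# comment at the top of the plugin's main PHP file.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def sample_header(version_line):
    """Constructed header text for the demo; not copied from the plugin."""
    return "<?php\n/**\n * Plugin Name: OttoKit\n" + version_line + " */\n"


def parse_version(header_text):
    """Return the Version field, or None when the header has none."""
    match = VERSION_RE.search(header_text[:8192])  # WordPress reads the first 8 KB
    return match.group(1) if match else None


def version_key(version):
    """'1.0.82' -> (1, 0, 82): compare segments as numbers, not text."""
    key = []
    for segment in version.split("."):
        digits = re.match(r"\d+", segment)
        key.append(int(digits.group()) if digits else 0)
    return tuple(key)


def is_affected(header_text):
    """True: in the affected range. False: newer. None: version unknown."""
    version = parse_version(header_text)
    if version is None:
        return None  # treat as "needs manual review", never as safe
    found, limit = version_key(version), version_key(LAST_AFFECTED)
    width = max(len(found), len(limit))
    found += (0,) * (width - len(found))
    limit += (0,) * (width - len(limit))
    return found <= limit


if __name__ == "__main__":
    # Constructed version lines, including one header with no Version field.
    for line in (" * Version: 1.0.9\n", " * Version: 1.0.82\n",
                 " * Version: 1.0.100\n", ""):
        print(repr(line.strip()), "->", is_affected(sample_header(line)))
```

Comparing the segments as integers matters here: as plain strings, "1.0.9" sorts after "1.0.82", which would wrongly report an affected release as safe.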