Hackers exploiting WordPress membership plugin bug to create admin accounts

A popular WP plugin can be abused to take over websites and thousands of sites are vulnerable.
Bleeping Computer

Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) ...
Hosted on MSN

Sneeit WordPress RCE flaw allows hackers to add themselves as admin - here's how to stay safe

WordFence disclosed critical RCE flaw (CVE-2025-6389) in Sneeit Framework plugin, affecting versions ≤8.3 Exploitation allows attackers to create admin accounts, install malicious plugins, and hijack ...

WordPress membership plugin bug exploited to create admin accounts

Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than ...