Yet another WordPress plugin has made headlines—and this time it’s the OttoKit/OttoPress plugin.
The plugin has since been updated, but hackers were able to exploit a critical vulnerability to inject admin accounts into your WordPress site. If you’ve ever installed OttoPress and still have it installed, this episode is essential listening.
If you don't have it, the episode is still worth listening to, so you understand how to respond if it happens to you.
📌 In this episode, Charly walks you through:
✅ What this vulnerability is and why it's dangerous
✅ How to check if you’re using the OttoPress plugin
✅ The critical steps to take if it’s installed—update immediately
✅ How to audit user accounts and reset all passwords
✅ When and why you should consider changing your database credentials
🔗 Read more about the exploit:
https://www.bleepingcomputer.com/news/security/hackers-exploit-ottokit-wordpress-plugin-flaw-to-add-admin-accounts
👉 Don’t delay. Even dormant or deactivated plugins can leave you open to attack.