OttoPress Plugin Vulnerability – What Do You Do? (2025/487)

Yet another WordPress plugin has made headlines—and this time it’s the OttoKit/OttoPress plugin. It's updated now, however, hackers were able to exploit a critical vulnerability to inject admin accounts into your WordPress site. If you’ve ever installed OttoPress, and still have it installed, this episode is essential listening.

If you don't have it - the episosde is still worth listening to, to understand how to respond if it happens to you.

📌 In this episode, Charly walks you through:

✅ What this vulnerability is and why it's dangerous

✅ How to check if you’re using the OttoPress plugin

✅ The critical steps to take if it’s installed—update immediately

✅ How to audit user accounts and reset all passwords

✅ When and why you should consider changing your database credentials

🔗 Read more about the exploit:

https://www.bleepingcomputer.com/news/security/hackers-exploit-ottokit-wordpress-plugin-flaw-to-add-admin-accounts/

👉 Don’t delay. Even dormant or deactivated plugins can leave you open to attack.

📢 Join the discussion in my community: https://askcharlyleetham.locals.com

📲 Follow us for more business and tech insights:

Locals: https://askcharlyleetham.locals.com
aaaa
Rumble: https://rumble.com/askcharlyleetham

Odyssey: https://odysee.com/@askcharlyleetham:4

YouTube: https://youtube.com/askcharlyleetham

Facebook: https://www.facebook.com/askcharlyleetham

Twitter: https://twitter.com/yourbizmgr

Instagram: https://instagram.com/ask_charly_leetham

LinkedIn: www.linkedin.com/in/charlyleetham

LinkedIn Company: https://www.linkedin.com/company/ask-charly-leetham/

Spotify:
https://askcharlyleetham.com/likes/rise-and-shine

Apple Podcasts: https://podcasts.apple.com/us/podcast/ask-charlyleetham-online-business-manager/id1659738721

iHeartRadio: https://www.iheart.com/podcast/269-ask-charlyleetham-online-105944212/

Amazon Music: https://music.amazon.com/podcasts/662f1e44-115d-4094-862b-efe9307e0df4/ask-charlyleetham-online-business-manager