The OttoKit plugin, version 1.0.78, is vulnerable to an authentication bypass and privilege-escalation bug. The bug allows unauthenticated creation of admin accounts on over 100,000 sites within hours of disclosure. To fix this issue, users should update to version 1.0.83 or newer, audit admin accounts, and add WAF rules to prevent exploitation of the vulnerability.
Original tweet: https://twitter.com/cirtgovjm/status/1920233991484879024