Ottokit
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-49781 | | Cri | 0.64 | 9.8 | 0.00 | | Jun 15, 2026 | Unauthenticated PHP Object Injection in OttoKit <= 1.1.27 versions. |
| CVE-2026-4935 | | Hig | 0.56 | 8.6 | 0.00 | | May 8, 2026 | The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks. |