A critical vulnerability in the OttoKit WordPress plugin is being exploited by attackers to gain administrative access to affected sites. Site administrators are urged to update to version 1.0.83, which patches both this and a previously reported vulnerability. Security firm Defiant has provided indicators of compromise to help identify signs of exploitation.