O
Company Details
Linkedin ID:
ottokithq
Website:
Employees number:
3
Number of followers:
148
NAICS:
513
Industry Type:
Homepage:
ottokit.com
IP Addresses:
0
Company ID:
OTT_2380386
Scan Status:
In-progress
OttoKit (Formerly SureTriggers) Company CyberSecurity Posture
ottokit.com
SureTriggers seamlessly connects your favorite tools so you can automate workflows and streamline your business processes.
OttoKit (Formerly SureTriggers) A.I CyberSecurity Scoring
O Risk Score (AI oriented)Between 700 and 749
O
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
O Global Score (TPRM)XXXX
O
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
O Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
SureTriggers
Vulnerability
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The discovery of the SureTriggers vulnerability, with a CVSS score of 8.1, has exposed over 100,000 websites to potential risk by allowing attackers to create admin accounts and take full control. The impact of this high-severity loophole is extensive, potentially leading to full site compromise, including uploading malicious content, SEO damage, and endangering customer data. With the exploitation beginning only hours after disclosure and the simplicity of the attack—requiring only an unconfigured API—it underscores the urgency for web administrators to secure their WordPress sites promptly.
O Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for O
Incidents vs Technology, Information and Internet Industry Average (This Year)
OttoKit (Formerly SureTriggers) has 23.46% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
OttoKit (Formerly SureTriggers) has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types O vs Technology, Information and Internet Industry Avg (This Year)
OttoKit (Formerly SureTriggers) reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 1 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — O (X = Date, Y = Severity)
O cyber incidents detection timeline including parent company and subsidiaries
O Company Subsidiaries
SureTriggers seamlessly connects your favorite tools so you can automate workflows and streamline your business processes.
Loading...
O Similar Companies
Jumia (NYSE :JMIA) is a leading e-commerce platform in Africa. It is built around a marketplace, Jumia Logistics, and JumiaPay. The marketplace helps millions of consumers and sellers to connect and transact. Jumia Logistics enables the delivery of millions of packages through our network of local p
Avnet
Avnet is a global electronic components distributor with extensive design, product, marketing and supply chain expertise for customers and suppliers at every stage of the product lifecycle. For the past 100 years, Avnet has helped its customers and suppliers around the world realize the transformati
Mercado Livre Brasil
Fundada em 1999, MercadoLivre é uma companhia de tecnologia líder em comércio eletrônico na América Latina. Por meio de suas principais plataformas MercadoLivre.com e MercadoPago.com, oferece soluções de comércio eletrônico para que pessoas e empresas possam comprar, vender, pagar e anunciar produto
YouTube
YouTube is a team-oriented, creative workplace where every single employee has a voice in the choices we make and the features we implement. We work together in small teams to design, develop, and roll out key features and products in very short time frames. Which means something you write today cou
SLB
We are a technology company that unlocks access to energy for the benefit of all. As innovators, that’s been our mission for nearly a century. Today, we face a global imperative to create a future with more energy, but less carbon. Our diverse, innovative change makers are focused on going further i
Primary School
www.primaryschool.com.au is a directory of sites for students and lesson plans and reference material for teachers and parents. It is currently averaging up to 350,000 unique visitors a month and has over 44,000 subscribers to its free weekly newsletter which showcases the latest internet based reso
Swiggy is India’s pioneering on-demand convenience platform, catering to millions of consumers each month. Founded in 2014, its mission is to elevate the quality of life for the urban consumer by offering unparalleled convenience. With an extensive footprint in food delivery, Swiggy Food collaborate
Sohu.com Inc. (NASDAQ: SOHU) is China's premier online brand and indispensable to the daily life of millions of Chinese, providing a network of web properties and community based/web 2.0 products which offer the vast Sohu user community a broad array of choices regarding information, entertainment a
NetEase
As a leading internet technology company based in China, NetEase, Inc. (NASDAQ: NTES and HKEX:9999, "NetEase") provides premium online services centered around content creation. With extensive offerings across its expanding gaming ecosystem, NetEase develops and operates some of China's most popula
.png)
O CyberSecurity News
May 12, 2025 07:00 AM
Weekly Vulnerability Report: ICS Alerts & Insights by Cyble
Cyble highlights multiple ICS and IT weekly vulnerability reports, including zero-day vulnerabilities and active exploits for popular IT...
May 07, 2025 07:00 AM
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild.
May 07, 2025 07:00 AM
Second OttoKit Vulnerability Exploited to Hack WordPress Sites
Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges.
April 11, 2025 07:00 AM
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few...
April 11, 2025 07:00 AM
Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
A vulnerability in the OttoKit WordPress plugin with over 100000 active installations has been exploited in the wild.
April 11, 2025 07:00 AM
Threat Actors Exploit High-Severity Bypass Vulnerability in WordPress Plugin
Security researchers spotted threat actors exploiting a severe WordPress plugin vulnerability almost immediately after the flaw's...
April 10, 2025 07:00 AM
Hackers exploit WordPress plugin auth bypass hours after disclosure
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
O CyberSecurity History Information
Official Website of OttoKit (Formerly SureTriggers)
The official website of OttoKit (Formerly SureTriggers) is https://suretriggers.com/.
OttoKit (Formerly SureTriggers)’s AI-Generated Cybersecurity Score
According to Rankiteo, OttoKit (Formerly SureTriggers)’s AI-generated cybersecurity score is 749, reflecting their Moderate security posture.
How many security badges does OttoKit (Formerly SureTriggers)’ have ?
According to Rankiteo, OttoKit (Formerly SureTriggers) currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does OttoKit (Formerly SureTriggers) have SOC 2 Type 1 certification ?
According to Rankiteo, OttoKit (Formerly SureTriggers) is not certified under SOC 2 Type 1.
Does OttoKit (Formerly SureTriggers) have SOC 2 Type 2 certification ?
According to Rankiteo, OttoKit (Formerly SureTriggers) does not hold a SOC 2 Type 2 certification.
Does OttoKit (Formerly SureTriggers) comply with GDPR ?
According to Rankiteo, OttoKit (Formerly SureTriggers) is not listed as GDPR compliant.
Does OttoKit (Formerly SureTriggers) have PCI DSS certification ?
According to Rankiteo, OttoKit (Formerly SureTriggers) does not currently maintain PCI DSS compliance.
Does OttoKit (Formerly SureTriggers) comply with HIPAA ?
According to Rankiteo, OttoKit (Formerly SureTriggers) is not compliant with HIPAA regulations.
Does OttoKit (Formerly SureTriggers) have ISO 27001 certification ?
According to Rankiteo,OttoKit (Formerly SureTriggers) is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of OttoKit (Formerly SureTriggers)
OttoKit (Formerly SureTriggers) operates primarily in the Technology, Information and Internet industry.
Number of Employees at OttoKit (Formerly SureTriggers)
OttoKit (Formerly SureTriggers) employs approximately 3 people worldwide.
Subsidiaries Owned by OttoKit (Formerly SureTriggers)
OttoKit (Formerly SureTriggers) presently has no subsidiaries across any sectors.
OttoKit (Formerly SureTriggers)’s LinkedIn Followers
OttoKit (Formerly SureTriggers)’s official LinkedIn profile has approximately 148 followers.
NAICS Classification of OttoKit (Formerly SureTriggers)
OttoKit (Formerly SureTriggers) is classified under the NAICS code 513, which corresponds to Others.
OttoKit (Formerly SureTriggers)’s Presence on Crunchbase
No, OttoKit (Formerly SureTriggers) does not have a profile on Crunchbase.
OttoKit (Formerly SureTriggers)’s Presence on LinkedIn
Yes, OttoKit (Formerly SureTriggers) maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ottokithq.
Cybersecurity Incidents Involving OttoKit (Formerly SureTriggers)
As of December 07, 2025, Rankiteo reports that OttoKit (Formerly SureTriggers) has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
OttoKit (Formerly SureTriggers) has an estimated 12,907 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at OttoKit (Formerly SureTriggers) ?
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability.
How does OttoKit (Formerly SureTriggers) detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with secure wordpress sites promptly..
Incident Details
Can you provide details on each incident ?
Title: SureTriggers Vulnerability
Description: The discovery of the SureTriggers vulnerability, with a CVSS score of 8.1, has exposed over 100,000 websites to potential risk by allowing attackers to create admin accounts and take full control. The impact of this high-severity loophole is extensive, potentially leading to full site compromise, including uploading malicious content, SEO damage, and endangering customer data. With the exploitation beginning only hours after disclosure and the simplicity of the attack—requiring only an unconfigured API—it underscores the urgency for web administrators to secure their WordPress sites promptly.
Type: Vulnerability Exploitation
Attack Vector: Unconfigured API
Vulnerability Exploited: SureTriggers Vulnerability
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Vulnerability.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Unconfigured API.
Impact of the Incidents
What was the impact of each incident ?
Incident : Vulnerability Exploitation OTT814041125
Data Compromised: Customer data
Systems Affected: Websites
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Customer Data and .
Which entities were affected by each incident ?
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Vulnerability Exploitation OTT814041125
Remediation Measures: Secure WordPress sites promptly
Data Breach Information
What type of data was compromised in each breach ?
Incident : Vulnerability Exploitation OTT814041125
Type of Data Compromised: Customer data
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Secure WordPress sites promptly, .
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Vulnerability Exploitation OTT814041125
Recommendations: Web administrators should secure their WordPress sites promptly
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Vulnerability Exploitation OTT814041125
Entry Point: Unconfigured API
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Vulnerability Exploitation OTT814041125
Root Causes: Unconfigured Api,
Corrective Actions: Secure Wordpress Sites Promptly,
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Secure Wordpress Sites Promptly, .
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Customer Data and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Websites.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Customer Data.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Web administrators should secure their WordPress sites promptly.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Unconfigured API.
.png)
Latest Global CVEs (Not Company-Specific)
Description
HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response using this parameter. This vulnerability is fixed in 1.10.4.
Risk Information
cvss3
Base: 3.7
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Description
Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a malicious webpage to perform cross-origin requests that include credentials and successfully call the refresh endpoint. An attacker-controlled origin can therefore obtain fresh access_token / refresh_token pairs for a victim session. Obtained tokens permit access to authenticated endpoints — including built-in code-execution functionality — allowing the attacker to execute arbitrary code and achieve full system compromise.
Risk Information
cvss4
Base: 9.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploit is now public and may be used. The patch is named 0ff771dc1933d5a6b78f804115e78a7d8625c3f3. To fix this issue, it is recommended to deploy a patch. The vendor responded with a vulnerability confirmation and a list of security measures they have established already (e.g. disabled URL parsing, disabled URL upload mode, removed URL-to-markdown conversion).
Risk Information
cvss2
Base: 5.8
Severity: LOW
AV:N/AC:L/Au:M/C:P/I:P/A:P
cvss3
Base: 4.7
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 5.1
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indicated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. Upgrading to version 7.20 build 128 is able to mitigate this issue. You should upgrade the affected component. The vendor responded very professional: "This is the real vulnerability affecting RAR for Android only. WinRAR and Unix RAR versions are not affected. We already fixed it in RAR for Android 7.20 build 128 and we publicly mentioned it in that version changelog. (...) To avoid confusion among users, it would be useful if such disclosure emphasizes that it is RAR for Android only issue and WinRAR isn't affected."
Risk Information
cvss2
Base: 5.1
Severity: HIGH
AV:N/AC:H/Au:N/C:P/I:P/A:P
cvss3
Base: 5.0
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
cvss4
Base: 2.3
Severity: HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ottokithq' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
