https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-auth-bypass-hours-after-disclosure/

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure.

Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79, released at the beginning of the month.