On April 10, 2025, I reported a critical vulnerability I found in the Ottokit (formerly SureTriggers) plugin to Patchstack.
With over 100,000 installs, I knew it was bound to cause chaos for a lot of website owners if it wasn’t patched immediately.
My name is Denver Jackson and I created the tool which found the Ottokit vulnerability. At the time I found it, Blip didn’t even exist – it was just code I had written on my local computer at home.
Quite a lot has been written about the exploit online, including:
patchstack.com/articles/critical-suretriggers-plugin-vulnerability-exploited-within-4-hours/
https://www.wordfence.com/blog/2025/05/recently-disclosed-suretriggers-critical-privilege-escalation-vulnerability-under-active-exploitation/
Since finding this CV along with a few others (including some zero days), I have begun building a free version of the scanning tool I used to find the Ottokit CV as well as several others, with a user interface so anyone can use it – free. I named it ‘Blip’ (as in, a blip on a radar).