8.1
HIGH
CVE-2025-3102
WordPress SureTriggers Plugin Authentication Bypass Vulnerability
Description

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

INFO

Published Date :

April 10, 2025, 5:15 a.m.

Last Modified :

April 11, 2025, 3:40 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

2.2
Public PoC/Exploit Available at Github

CVE-2025-3102 has a 11 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-3102 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Exploitation of an authorization bypass vulnerability in the SureTriggers plugin for WordPress versions <= 1.0.78, allowing unauthenticated attackers to create new WordPress users.

Updated: 4 weeks ago
1 stars 1 fork 1 watcher
Born at : April 25, 2025, 11:28 p.m. This repo has been linked 1 different CVEs too.

Checks the SureTriggers WordPress plugin's readme.txt file for the Stable tag version. If the version is less than or equal to 1.0.78, it is considered vulnerable.0.78).

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 25, 2025, 12:13 p.m. This repo has been linked 1 different CVEs too.

Detects the version of the SureTriggers WordPress plugin from exposed asset URLs and compares it to determine if it's vulnerable (<= 1.0.78).

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 25, 2025, 11:56 a.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 1 month ago
0 stars 0 fork 0 watcher
Born at : April 20, 2025, 1:59 p.m. This repo has been linked 1 different CVEs too.

None

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : April 14, 2025, 5:09 p.m. This repo has been linked 1 different CVEs too.

Wordpress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

Python

Updated: 3 weeks, 2 days ago
2 stars 0 fork 0 watcher
Born at : April 14, 2025, 4:07 p.m. This repo has been linked 1 different CVEs too.

Wordpress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation

Python

Updated: 2 weeks, 6 days ago
4 stars 2 fork 2 watcher
Born at : April 14, 2025, 10:20 a.m. This repo has been linked 1 different CVEs too.

EXPLOIT CVE-2025-3102

Python PHP

Updated: 3 weeks, 2 days ago
2 stars 0 fork 0 watcher
Born at : April 12, 2025, 4:22 a.m. This repo has been linked 1 different CVEs too.

备份的漏洞库,3月开始我们来维护

Updated: 2 weeks, 4 days ago
995 stars 307 fork 307 watcher
Born at : March 4, 2025, 2:54 p.m. This repo has been linked 213 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 4 weeks ago
6873 stars 1158 fork 1158 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 848 different CVEs too.

爬取secwiki和xuanwu.github.io/sec.today,分析安全信息站点、安全趋势、提取安全工作者账号(twitter,weixin,github等)

Python HTML

Updated: 4 weeks, 1 day ago
1287 stars 220 fork 220 watcher
Born at : Feb. 19, 2019, 10:24 a.m. This repo has been linked 17 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-3102 vulnerability anywhere in the article.

  • BleepingComputer
Hackers exploit OttoKit WordPress plugin flaw to add admin accounts

Hackers are exploiting a critical unauthenticated privilege escalation vulnerability in the OttoKit WordPress plugin to create rogue admin accounts on targeted sites. OttoKit (formerly SureTriggers) i ... Read more

Published Date: May 07, 2025 (2 weeks, 4 days ago)
  • The Hacker News
OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws

Vulnerability / Web Security A second security flaw impacting the OttoKit (formerly SureTriggers) WordPress plugin has come under active exploitation in the wild. The vulnerability, tracked as CVE-202 ... Read more

Published Date: May 07, 2025 (2 weeks, 4 days ago)
  • security.nl
WordPress-sites aangevallen via kritiek lek in OttoKit-plug-in

WordPress-sites worden aangevallen via een kritieke kwetsbaarheid in de plug-in OttoKit, die eerder nog bekend stond als SureTriggers. Via het beveiligingslek kan een ongeauthenticeerde aanvaller admi ... Read more

Published Date: May 07, 2025 (2 weeks, 4 days ago)
  • The Hacker News
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched ... Read more

Published Date: Apr 14, 2025 (1 month, 1 week ago)
  • Cyber Security News
100,000 WordPress Sites Vulnerable to Rogue Creation Vulnerability

A critical vulnerability affecting over 100,000 WordPress websites has been discovered in the SureTriggers WordPress plugin, potentially allowing attackers to create unauthorized administrator account ... Read more

Published Date: Apr 13, 2025 (1 month, 1 week ago)
  • TheCyberThrone
CVE-2025-3102 impacts OttoKit WordPress Plugin

CVE-2025-3102 is a high-severity vulnerability discovered in the OttoKit WordPress plugin, previously known as SureTriggers. This vulnerability allows unauthorized attackers to bypass authentication m ... Read more

Published Date: Apr 12, 2025 (1 month, 1 week ago)
  • The Cyber Express
100,000+ WordPress Sites at Risk as SureTriggers Exploit Goes Live

A recently uncovered SureTriggers vulnerability has put more than 100,000 websites at risk, highlighting once again how critical plugin security is for WordPress site administrators. The vulnerability ... Read more

Published Date: Apr 11, 2025 (1 month, 2 weeks ago)
  • The Hacker News
OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

Website Security / Vulnerability A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The ... Read more

Published Date: Apr 11, 2025 (1 month, 2 weeks ago)
  • BleepingComputer
Hackers exploit WordPress plugin auth bypass hours after disclosure

Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly ... Read more

Published Date: Apr 10, 2025 (1 month, 2 weeks ago)

The following table lists the changes that have been made to the CVE-2025-3102 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Apr. 10, 2025

    Action Type Old Value New Value
    Added Description The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
    Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-697
    Added Reference https://plugins.trac.wordpress.org/browser/suretriggers/trunk/src/Controllers/RestController.php#L59
    Added Reference https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk&sfp_email=&sfph_mail=
    Added Reference https://www.wordfence.com/threat-intel/vulnerabilities/id/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-3102 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-3102 weaknesses.

CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters Using Leading 'Ghost' Character Sequences to Bypass Input Filters CAPEC-6: Argument Injection Argument Injection CAPEC-7: Blind SQL Injection Blind SQL Injection CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-15: Command Delimiters Command Delimiters CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-41: Using Meta-characters in E-mail Headers to Inject Malicious Payloads Using Meta-characters in E-mail Headers to Inject Malicious Payloads CAPEC-43: Exploiting Multiple Input Interpretation Layers Exploiting Multiple Input Interpretation Layers CAPEC-44: Overflow Binary Resource File Overflow Binary Resource File CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-52: Embedding NULL Bytes Embedding NULL Bytes CAPEC-53: Postfix, Null Terminate, and Backslash Postfix, Null Terminate, and Backslash CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic Using Slashes and URL Encoding Combined to Bypass Validation Logic CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-71: Using Unicode Encoding to Bypass Validation Logic Using Unicode Encoding to Bypass Validation Logic CAPEC-73: User-Controlled Filename User-Controlled Filename CAPEC-78: Using Escaped Slashes in Alternate Encoding Using Escaped Slashes in Alternate Encoding CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic Using UTF-8 Encoding to Bypass Validation Logic CAPEC-88: OS Command Injection OS Command Injection CAPEC-92: Forced Integer Overflow Forced Integer Overflow CAPEC-120: Double Encoding Double Encoding CAPEC-182: Flash Injection Flash Injection CAPEC-267: Leverage Alternate Encoding Leverage Alternate Encoding
CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
© cvefeed.io
Latest DB Update: May. 25, 2025 23:11