CVE-2025-3102

HIGH
Published 2025-04-10T04:22:05.560Z

CVSS Score

V3.1: 8.1/10
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

Available Exploits

SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass

ID: CVE-2025-3102
Author: DhiyaneshDK
Severity: High

Related News

Attackers are exploiting recently disclosed OttoKit WordPress plugin flaw

Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure. Threat actors are exploiting a recently discovered vulnerability, tracked as CVE-2025-3102 (CVSS score of 8.1) in the OttoKit WordPress plugin (…

Securityaffairs.com 2025-04-12 10:43

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug t…

Internet 2025-04-11 04:58

SureTriggers Vulnerability Exposes 100,000+ WordPress Sites to Admin Takeover

A critical vulnerability in the popular WordPress automation plugin SureTriggers has exposed over 100,000 sites to the risk

SecurityOnline.info 2025-04-10 01:48

Published: 2025-04-10T04:22:05.560Z
Last Modified: 2025-04-10T13:10:32.671Z