CVE-2025-3102
📋 TL;DR
The SureTriggers WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to create administrator accounts. This affects all WordPress sites running SureTriggers version 1.0.78 or earlier when the plugin is installed and activated but not configured with an API key.
💻 Affected Systems
- SureTriggers: All-in-One Automation Platform WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with attacker gaining administrative access, installing backdoors, defacing content, stealing data, and using the site for further attacks.
Likely Case
Attacker creates admin account, gains full control of WordPress site, and potentially compromises the entire web server.
If Mitigated
No impact if plugin is properly configured with API key or completely removed.
🎯 Exploit Status
Simple HTTP request to vulnerable endpoint can trigger the vulnerability. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.0.79
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find SureTriggers plugin. 4. Click 'Update Now' if update available. 5. Alternatively, download version 1.0.79+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Configure API Key
allConfigure the plugin with a valid API key to prevent the authentication bypass.
Disable Plugin
allDeactivate the SureTriggers plugin until patched.
🧯 If You Can't Patch
- Deactivate and remove the SureTriggers plugin immediately
- Implement web application firewall rules to block requests to /wp-json/suretriggers/v1/authenticate endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for SureTriggers version. If version is 1.0.78 or earlier and plugin is active, site is vulnerable if no API key is configured.Check Version:
wp plugin list --name=suretriggers --field=version (if WP-CLI installed)Verify Fix Applied:
Verify SureTriggers plugin version is 1.0.79 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-json/suretriggers/v1/authenticate endpoint with empty or missing secret_key parameter
- Unexpected administrator user creation in WordPress user logs
Network Indicators:
- HTTP POST requests to WordPress REST API authentication endpoints from unexpected sources
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-json/suretriggers/v1/authenticate" OR message="New user created" AND user_role="administrator")🔗 References
- https://plugins.trac.wordpress.org/browser/suretriggers/trunk/src/Controllers/RestController.php#L59
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve
