V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2025-3102
ANC
HighConfirmedExploit available

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative a…

CVSS
8.1
High
EPSS
0.76
p99
Published
2025-01-01
Updated
2025-01-01
Description

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.

Tags · CWE
Pre-auth
CWE-697
CAPEC-3
CAPEC-6
CAPEC-7
CAPEC-8
CAPEC-9
CAPEC-10
CAPEC-14
CAPEC-15
CAPEC-24
CAPEC-41
CAPEC-43
CAPEC-44
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-52
CAPEC-53
CAPEC-64
CAPEC-67
CAPEC-71
CAPEC-73
CAPEC-78
CAPEC-79
CAPEC-80
CAPEC-88
CAPEC-92
CAPEC-120
CAPEC-182
CAPEC-267
Affected products
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2025-01-01
Published
2025-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.763 · p99
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-267 · CWE-697
Known exploits — Сканер-ВС
CVE-2025-3102
github-poc · https://github.com/baribut/CVE-2025-3102
Enterprise
Affected products
ProductVendorStatus
Tracked
Source databases
ANC
Related vulnerabilities