CVE-2025-3102 PoC — SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Cr

Source

Associated Vulnerability

Description

SureTriggers <= 1.0.78 - Authorization Bypass Exploit

Readme

# SureTriggers <= 1.0.78 - Authorization Bypass Exploit

This tool exploits an **authorization bypass vulnerability** in the SureTriggers WordPress plugin (versions <= 1.0.78), allowing unauthenticated attackers to create new WordPress user accounts.

> 🔥 Developed by [0xgh057r3c0n](https://github.com/0xgh057r3c0n)

---

## 📌 Vulnerability Details

- **Plugin Name:** SureTriggers
- **Affected Versions:** <= 1.0.78
- **CVE:** Pending
- **Vulnerability Type:** Authorization Bypass → Unauthenticated User Creation
- **Attack Vector:** Remote (unauthenticated HTTP POST request)
- **Impact:** Allows arbitrary user registration with attacker-defined credentials.

---

## ⚙️ Features

- Automatically fetches and verifies the installed plugin version
- Bypasses authorization and creates a new WordPress user
- Customizable email, username, and password via CLI
- Color-coded terminal output
- Default credentials available for fast testing

---

## 🚀 Usage

### 🔧 Requirements

- Python 3.x
- Modules: `requests`, `colorama`

Install dependencies:

```bash
pip3 install -r requirements.txt
````

Or manually:

```bash
pip3 install requests colorama
```

---

### 🛠️ Running the Exploit

```bash
python3 CVE-2025-3102.py -u <target_url> [--newmail <email>] [--newuser <username>] [--newpassword <password>]
```

#### 🔍 Example:

```bash
python3 CVE-2025-3102.py -u https://target-site.com --newuser hacker --newpassword Pass123!
```

---

## 📋 Options

| Argument        | Description                    | Default                                                                   |
| --------------- | ------------------------------ | ------------------------------------------------------------------------- |
| `-u`, `--url`   | Base URL of the WordPress site | *Required*                                                                |
| `--newmail`     | Email address for the new user | [gauravbhattacharjee54@gmail.com](mailto:gauravbhattacharjee54@gmail.com) |
| `--newuser`     | Username to create             | 0xgh057r3c0n                                                              |
| `--newpassword` | Password for the new user      | Wiz007\@8876@                                                             |

---

## 🧠 How It Works

1. Checks the plugin version by reading `readme.txt`.
2. Constructs a special request to `wp-json/sure-triggers/v1/automation/action`.
3. Sends a POST request to create a user, exploiting the missing authentication.
4. Displays success or failure with credential info.

---

## ⚠️ Disclaimer

> This tool is provided for **educational and authorized penetration testing purposes only**.
> **Unauthorized access to systems is illegal** and punishable under law.
> The author is not responsible for any misuse or damage caused.

---

## 📞 Author

* **Name:** Gaurav Bhattacharjee (aka 0xgh057r3c0n)
* **GitHub:** [github.com/0xgh057r3c0n](https://github.com/0xgh057r3c0n)
* **Email:** [gauravbhattacharjee54@gmail.com](mailto:gauravbhattacharjee54@gmail.com)
* **LinkedIn:** [linkedin.com/in/gaurav-bhattacharjee](https://www.linkedin.com/in/gaurav-bhattacharjee/)

---

File Snapshot

 [4.0K]  /data/pocs/be224b77ffcb5220f20b8e54fde18a72343eebb5
├── [4.8K]  CVE-2025-3102.py
├── [1.1K]  LICENSE
├── [3.1K]  README.md
└── [  18]  requirements.txt

1 directory, 4 files

Remarks