
CVE-2025-3102 PoC — SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Cr

Associated Vulnerability
Title: SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation (CVE-2025-3102)
Description: The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Description
WordPress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
Readme
# 🔐 CVE-2025-3102 – Authentication Bypass in SureTriggers WordPress Plugin

🚨 **CVE-2025-3102** is a critical authentication bypass vulnerability affecting the **SureTriggers: All-in-One Automation Platform** WordPress plugin, which is actively installed on over **100,000 websites**. Due to the nature of the flaw and the scale of deployment, this vulnerability poses a significant security risk.

---

## 🧠 Vulnerability Summary

- **CVE ID**: CVE-2025-3102  
- **Affected Plugin**: SureTriggers – All-in-One Automation Platform  
- **Versions Affected**: ≤ 1.0.78  
- **Vulnerability Type**: Authentication Bypass → Privilege Escalation  
- **Severity**: HIGH (8.1)  
- **CVSS Vector**: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`  

### 📄 Description

The SureTriggers plugin for WordPress is vulnerable to an **authentication bypass** that allows unauthenticated attackers to create **administrator accounts**. This is due to a **missing empty value check** on the `secret_key` inside the `autheticate_user` function.

When the plugin is installed and activated but **not configured with an API key**, attackers can bypass authentication by sending an empty `st_authorization` header, triggering actions reserved for authenticated users.
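
The missing empty-value check described above, modelled in Python as an added example; it is not the plugin's PHP code and not part of this repository. The function names, the comparison logic and the sample key are assumptions made for illustration; only the `st_authorization` header and the stored `secret_key` come from the advisory text.

```python
import hmac
from typing import Mapping, Optional

HEADER = "st_authorization"  # header name as given in the advisory text


def presented_key(headers: Mapping[str, str]) -> Optional[str]:
    """Return the header value, or None when the header is absent."""
    for name, value in headers.items():
        if name.lower() == HEADER:
            return value.strip()
    return None


def authenticate_vulnerable(headers, stored_secret) -> bool:
    """Assumed model of the flaw: equality test with no empty-value check."""
    return (presented_key(headers) or "") == (stored_secret or "")


def authenticate_hardened(headers, stored_secret) -> bool:
    """Fail closed: an unconfigured site or an empty header never passes."""
    presented = presented_key(headers)
    if not stored_secret or not presented:
        return False
    return hmac.compare_digest(presented.encode(), stored_secret.encode())


# Constructed cases: (label, request headers, secret_key stored by the site)
CASES = [
    ("configured, correct key", {HEADER: "k3y-constructed"}, "k3y-constructed"),
    ("configured, wrong key", {HEADER: "guess"}, "k3y-constructed"),
    ("configured, empty header", {HEADER: ""}, "k3y-constructed"),
    ("unconfigured, empty header", {HEADER: ""}, ""),
    ("unconfigured, header absent", {}, None),
]


def compare():
    """Run both checks over every case: (label, vulnerable, hardened)."""
    return [(label, authenticate_vulnerable(h, s), authenticate_hardened(h, s))
            for label, h, s in CASES]


if __name__ == "__main__":
    for label, weak, strong in compare():
        print(f"{label:30} vulnerable={weak!s:5} hardened={strong}")
```

The two unconfigured cases are the ones that matter: an unset secret compared with an empty credential is a match unless the check rejects empty values before comparing.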

---

## ⚙️ Exploit Script Overview

A Python script is provided to automate exploitation of this vulnerability.  
This script allows you to generate a new admin user on vulnerable sites.

---

## 📋 Requirements

- A WordPress site with **SureTriggers ≤ v1.0.78**
- The plugin must be:
  - ✅ Installed
  - ✅ Activated
  - ❌ Not configured with an API Key

---

## 🚀 Features

- Automatic detection of plugin version via `readme.txt`
- Bypasses authentication using empty `st_authorization` header
- Creates administrator user via vulnerable REST API call
- Enhanced CLI interface with detailed output and validation
- Supports custom email, username, and password generation

---

## 🧪 Usage

```
usage: CVE-2025-3102.py [-h] -u URL [-nmail NEWMAIL] [-nu NEWUSER] [-np NEWPASSWORD]

SureTriggers <= 1.0.78 - Authorization Bypass Exploit  
By: rHz0d

options:
  -h, --help              Show this help message and exit
  -u, --url URL           Target WordPress base URL
  -nmail, --newmail NEWMAIL       Email to register
  -nu, --newuser NEWUSER          Username to register
  -np, --newpassword NEWPASSWORD  Password for the new user
```

---

## 📤 Output Example

```
[+] Detected plugin version: 1.0.78
[+] Vulnerable version detected. Proceeding...
[*] Exploiting the target in 3 seconds...
[+] Email generated: evil@example.com
[+] Username generated: eviluser
[+] Password generated: P@ssw0rd123!
[+] Exploit Successful!
[+] Login credentials: eviluser:P@ssw0rd123!
```

---

## ⚠️ Disclaimer

This script is provided **for educational purposes only**.  
Unauthorized use of this code against targets without explicit permission is **illegal**.  
The author assumes **no liability** for any misuse or damage caused.

---

*By: rHz0d*
File Snapshot

```
[4.0K] /data/pocs/fe2b32a433b93d234cb6a1eec64d0699ffd17d46
├── [5.2K] CVE-2025-3102.py
├── [1.0K] LICENCE
└── [3.0K] README.md

0 directories, 3 files
```