SureTriggers Vulnerability Impacts More Than 100,000 WordPress Sites


Critical SureTriggers Vulnerability Puts Over 100,000 Websites at Risk

Major Vulnerability Discovered in SureTriggers Plugin: 100,000+ Websites at Risk

A significant security flaw has recently been identified in the SureTriggers WordPress plugin, exposing over 100,000 websites to potential attack. The vulnerability, designated CVE-2025-3102 and rated high severity with a CVSS score of 8.1, allows an unauthenticated attacker to create administrator accounts on sites where the plugin is installed and active but has not yet been configured with an API key, granting full control of the affected site.

SureTriggers, which has since been rebranded as OttoKit, is an automation tool that connects web apps, services, and WordPress plugins. The flaw has raised alarm in the security community: according to Wordfence Intelligence, attackers began exploiting it within hours of its public disclosure.

The vulnerability stems from a missing empty-value check in the plugin's authenticate_user() function, which results in an authentication bypass. The function compares the API key supplied with a request against the key stored in the plugin's settings, but never rejects the case where no key has been stored. On a site where the plugin is installed and activated but not configured with an API key, a scenario common for newly installed plugins, the stored key is empty, so a request that supplies an empty key passes the check.
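The check described above, as an added PHP illustration that is not the SureTriggers/OttoKit source: a stand-in for the stored-key lookup, the vulnerable comparison, and a hardened version that refuses to authenticate while no key is configured. The function and option names (demo_get_option, demo_secret_key, demo_authorization) are hypothetical stand-ins for WordPress and plugin internals; only the comparison logic is the point.

```php
<?php
// Added illustration, not the SureTriggers/OttoKit source: how a missing
// empty-value check on a stored API key turns "not configured yet" into
// "every request is authenticated". demo_get_option(), the option name
// 'demo_secret_key' and the header name 'demo_authorization' are
// hypothetical stand-ins for WordPress and plugin internals.

/** Stand-in for WordPress get_option(): an unset option comes back empty. */
function demo_get_option(string $name, array $options): string
{
    return $options[$name] ?? '';
}

/**
 * Vulnerable pattern. The supplied token is compared with the stored key,
 * but nothing rejects the case where the stored key is empty. On a fresh,
 * unconfigured install both sides are '' and the comparison succeeds.
 */
function authenticate_vulnerable(array $headers, array $options): bool
{
    $stored = demo_get_option('demo_secret_key', $options);
    $token  = $headers['demo_authorization'] ?? '';
    return $token === $stored;
}

/**
 * Hardened pattern. An unset or empty stored key means "deny everything",
 * an empty token is rejected before any comparison, and the real
 * comparison is constant-time.
 */
function authenticate_fixed(array $headers, array $options): bool
{
    $stored = demo_get_option('demo_secret_key', $options);
    if ($stored === '') {
        return false; // installed but not configured: nothing to trust yet
    }
    $token = $headers['demo_authorization'] ?? '';
    if ($token === '') {
        return false;
    }
    return hash_equals($stored, $token);
}

/** Runs both checks over constructed scenarios and returns the outcomes. */
function run_scenarios(): array
{
    // Constructed option stores: one fresh install, one with a key saved.
    $sites = [
        'unconfigured' => [],
        'configured'   => ['demo_secret_key' => 'k3y-Abc'],
    ];
    // Constructed requests an attacker or a legitimate caller might send.
    $requests = [
        'no header'    => [],
        'empty header' => ['demo_authorization' => ''],
        'correct key'  => ['demo_authorization' => 'k3y-Abc'],
        'wrong key'    => ['demo_authorization' => 'guess'],
    ];

    $results = [];
    foreach ($sites as $site => $options) {
        foreach ($requests as $label => $headers) {
            $results[$site][$label] = [
                'vulnerable' => authenticate_vulnerable($headers, $options),
                'fixed'      => authenticate_fixed($headers, $options),
            ];
        }
    }
    return $results;
}

foreach (run_scenarios() as $site => $byRequest) {
    foreach ($byRequest as $label => $outcome) {
        printf(
            "%-12s %-12s vulnerable=%-5s fixed=%s\n",
            $site,
            $label,
            $outcome['vulnerable'] ? 'true' : 'false',
            $outcome['fixed'] ? 'true' : 'false'
        );
    }
}
```

Run it with `php demo.php`. On the unconfigured site the vulnerable check accepts a request that carries no token at all, because the stored key and the missing header both read as the empty string; the hardened version denies every request until a key is configured, and uses hash_equals() so the genuine comparison does not leak timing information. The lesson generalises to any secret-comparison gate: treat an unset secret as "deny", never as "match anything".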

Security researcher Mikemyers discovered the issue and received a $1,024 bug bounty for the find. All versions of SureTriggers prior to 1.0.79 are affected, and users are urged to update to 1.0.79 or later immediately to safeguard their sites.

The implications are serious: once attackers hold administrative access, they can upload malicious content, redirect visitors, or compromise sensitive data. The vulnerability is particularly alarming because it requires no prior login or access level, only that a vulnerable version of the plugin is installed and active without an API key configured.

This incident underscores the necessity for WordPress site administrators to prioritize plugin security and keep plugins updated. Administrators should confirm that SureTriggers (OttoKit) is at version 1.0.79 or later and, if a vulnerable version was ever installed without an API key configured, review the site's user list for administrator accounts they did not create, since that is what a successful exploit leaves behind.
