CVE-2025-3102 Scanner
CVE-2025-3102 Scanner - Unauthenticated Admin Account Creation vulnerability in SureTriggers – All-in-One Automation Platform
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 8 days 19 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
SureTriggers – All-in-One Automation Platform is a WordPress plugin that streamlines workflows by automating actions across connected applications. Website administrators, marketers, and business owners use it to integrate WordPress with third-party services; it handles multi-step tasks, supports conditional workflows, and is widely adopted for its user-friendly interface. It is particularly valuable for sites that need scheduled or event-driven automation. Because an automation plugin acts on the site's behalf, a misconfigured one can open the door to unauthorized system access, so the security of its authentication paths is essential.
This scanner detects a critical authentication bypass in the SureTriggers plugin for WordPress. The vulnerability lets unauthenticated attackers create administrator accounts without valid credentials or a configured API key. It arises from a missing check for empty `secret_key` values in the `autheticate_user` function: because an empty stored key is never rejected, unauthorized users can satisfy the logic check and register as site admins. All versions up to and including 1.0.78 are affected, which makes the plugin a significant risk on unpatched and misconfigured websites.
The vulnerability stems from improper handling of authentication in the REST endpoint `/wp-json/sure-triggers/v1/automation/action`. When the plugin is active but has not been configured with a valid API key, the endpoint fails to validate the `st_authorization` header. Attackers can exploit this logic flaw by sending a crafted JSON request that triggers the `create_user_if_not_exists` action; with no authentication enforced, the plugin creates a new administrator account with attacker-controlled credentials. The affected file is `RestController.php`, specifically line 59, where the critical check is missing.
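The defect described above is a classic "unconfigured secret compares equal to a missing header" bug. The following PHP is an added illustration of how a WordPress REST permission callback should treat that case; it is not the SureTriggers plugin's code or the scanner's, and the option name (`example_st_secret_key`), the route namespace (`example-st/v1`) and the function names are assumptions chosen for the example.

```php
<?php
// Added illustrative example, not the SureTriggers plugin's own code.
// Demonstrates a REST permission callback that closes the gap the text
// describes: an empty stored secret key must be a hard failure, otherwise
// a request with an empty or absent `st_authorization` header can compare
// "equal" to the unset key and be let through.

// Assumed option name for where the integration secret is stored.
define( 'EXAMPLE_ST_SECRET_OPTION', 'example_st_secret_key' );

/**
 * Permission callback: returns true only when a non-empty secret key is
 * configured AND the request's st_authorization header matches it in
 * constant time. Any other outcome is a WP_Error with an HTTP status.
 */
function example_st_check_auth( WP_REST_Request $request ) {
    $stored = get_option( EXAMPLE_ST_SECRET_OPTION, '' );
    $stored = is_string( $stored ) ? trim( $stored ) : '';

    // Vulnerable pattern, shown for contrast only: a bare equality check
    // with no emptiness guard, so '' === '' succeeds when no key is set.
    //   if ( $request->get_header( 'st_authorization' ) === $stored ) { return true; }

    // Hardened: an unconfigured key never grants access.
    if ( '' === $stored ) {
        return new WP_Error(
            'rest_forbidden',
            'Integration secret key is not configured.',
            array( 'status' => 403 )
        );
    }

    // get_header() returns null when the header is absent.
    $supplied = $request->get_header( 'st_authorization' );
    if ( ! is_string( $supplied ) || '' === trim( $supplied ) ) {
        return new WP_Error(
            'rest_unauthorized',
            'Missing authorization header.',
            array( 'status' => 401 )
        );
    }

    // hash_equals() compares in constant time; both arguments are strings here.
    if ( ! hash_equals( $stored, trim( $supplied ) ) ) {
        return new WP_Error(
            'rest_forbidden',
            'Invalid authorization header.',
            array( 'status' => 403 )
        );
    }

    return true;
}

// Register the route so the permission callback runs before the action
// handler; a WP_Error return short-circuits the request with its status.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-st/v1', '/automation/action', array(
        'methods'             => 'POST',
        'permission_callback' => 'example_st_check_auth',
        'callback'            => function ( WP_REST_Request $request ) {
            // Automation dispatch would happen here; this code is only
            // reached after example_st_check_auth() returned true.
            return rest_ensure_response( array( 'ok' => true ) );
        },
    ) );
} );
```

Two design points are worth noting. First, the failure mode is handled by making "no key configured" an explicit deny rather than relying on a comparison that happens to fail; a later refactor of the comparison cannot silently reopen the hole. Second, header presence and key presence are checked separately from the match itself, so an operator reading the logs can distinguish a misconfigured site (403 with the "not configured" message) from a probe with a bad token. Gating privileged actions such as user creation behind an additional capability check, rather than the shared integration secret alone, is the least-privilege follow-up this pattern does not cover.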
If exploited, this vulnerability allows attackers to gain full administrative control over a WordPress site. With admin access, they can install malicious plugins, modify or delete content, exfiltrate user data, and completely compromise the integrity of the website. In severe cases, it could serve as a launch point for broader attacks within connected systems. It also risks reputational damage and data breaches for the affected website. Organizations relying on SureTriggers must act immediately to mitigate the issue.
REFERENCES
- https://plugins.trac.wordpress.org/browser/suretriggers/trunk/src/Controllers/RestController.php#L59
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3266499%40suretriggers%2Ftrunk&old=3264905%40suretriggers%2Ftrunk
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ec017311-f150-4a14-a4b4-b5634f574e2b?source=cve
- https://github.com/Nxploited/CVE-2025-3102