cleantalk
Vulnerabilities and Security Researches

SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!, CVE-2025-3102

CVE, Research URL

CVE-2025-3102

Home page URL

Security reports for SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!

Application

SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!

Published on
Apr 10, 2025
Research Description
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Affected versions
Min -, max 1.0.79.
Status
vulnerable
Previous vulnerability researches
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2025-3102) , Apr 10, 2025
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2024-5485) , Jun 07, 2024
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2023-49749) , Jun 07, 2024
SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything! (CVE-2025-27007) , May 03, 2025
New vulnerability
Contact Form 7 reCAPTCHA (CVE-2025-23972) , Jul 08, 2025
Easy Stripe (CVE-2025-49302) , Jul 08, 2025
Gallery Widget (CVE-2025-28969) , Jul 08, 2025
Contact Us Page – Contact People (CVE-2025-28967) , Jul 07, 2025
WP fancybox (CVE-2025-26591) , Jul 07, 2025