CVE-2025-3102 - Overview, Insights & Trends

CVE-2025-3102

Published Apr 10, 2025

Last updated 5 days ago

CVSS high 8.1
WordPress
SureTriggers

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-3102 is an authentication bypass vulnerability affecting the SureTriggers: All-in-One Automation Platform plugin for WordPress. Specifically, it resides in versions up to and including 1.0.78. The vulnerability stems from a missing empty value check on the 'secret_key' value within the 'autheticate_user' function. This flaw allows unauthenticated attackers to create administrator accounts on a target website if the plugin is installed and activated but hasn't been configured with an API key. The vulnerability was discovered by Michael Mazzolini on March 13, 2025, and a fix was implemented in version 1.0.79 of the plugin, released on April 3, 2025.

Description
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@wordfence.com
CWE-697

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1). https://t.co/bjcvn2v3pa https://t.co/vjePpAf7G4

    @riskigy

    14 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Exploit with a graphical interface for the CVE-2025-3102 vulnerability in the WordPress SureTriggers plugin (<= 1.0.78). https://t.co/ihvYLl97wz https://t.co/nPmUy07JMv

    @itsismarcos

    14 Apr 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-3102

    @transilienceai

    13 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. 🚨 100K WordPress Sites at Risk Critical vuln CVE-2025-3102 in SureTriggers plugin lets attackers create admin accounts without auth. 🔓 REST API auth bypass via empty keys 🛠️ Affects v1.0.78 & below 🎯 Leads to full site takeover 💡 Patch available: v1.0.79 Admins: Update

    @CareWeDoNot

    13 Apr 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-3102

    @transilienceai

    13 Apr 2025

    131 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  6. 🚨 Hackers exploit OttoKit WordPress plugin flaw! A critical auth bypass (CVE-2025-3102) lets attackers create admin accounts without login. Check your site for strange admin accounts! #Darkweb #Deepweb #CyberSecurity Breaking news from the world &… https://t.co/ZF7G3lwjoe ht

    @godeepweb

    12 Apr 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2025-3102

    @transilienceai

    12 Apr 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Morocco Issues Urgent Cybersecurity Alert: Vulnerability in #SureTriggers Plugin for #WordPress https://t.co/rMlm5j6rnO The #Moroccan Directorate General of Information Systems Security has issued a #warning about a severe vulnerability (CVE-2025-3102) in .. https://t.co/TGG2ewTp

    @BenyoubHassan

    12 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Urgent: Critical vulnerability in OttoKit WordPress plugin (CVE-2025-3102) exploited to create unauthorized admin accounts. Update to version 1.0.79 immediately. #WordPress #CyberSecurity #Vulnerability https://t.co/pUiBeyhjsI

    @dailytechonx

    11 Apr 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Serious Security Vulnerability in WordPress Plugin: CVE-2025-3102 Lets Attackers Create Administrator Accounts https://t.co/zOBNCOsxCG https://t.co/1rcvoS2AmR

    @cozumpark

    11 Apr 2025

    284 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. A high-severity flaw in the OttoKit WordPress plugin (CVE-2025-3102) allows attackers to create admin accounts on unconfigured sites. Update to v1.0.79 ASAP! #WordPress #CyberSecurity #Vulnerability https://t.co/Kgde2FXu0H

    @Empist

    11 Apr 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Critical vulnerability (CVE-2025-3102) in the OttoKit WordPress plugin allows unauthenticated users to create admin accounts. Exploitation is active. Affects versions < 1.0.79. Update immediately to v1.0.79 to secure your site. #WordPress #CyberSecurity #CVE20253102 https://

    @CloneSystemsInc

    11 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-3102: WordPress plugin OttoKit (100K+ sites) hit with active auth bypass attacks hours after disclosure. Flaw lets attackers create admin users via REST API. Patch to v1.0.79 ASAP & check for compromise! https://t.co/0Nb2J990wi #wordpress #Exploit https://t.co/EJT

    @dCypherIO

    11 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. WordPress plugin authentication vulnerability exploited just hours after its disclosure CVE-2025-3102 The OttoKit WordPress plugin lets you connect plugins and tools such as WooCommerce, Mailchimp and Google Sheets https://t.co/3zLqjBjqJ3

    @elhackernet

    11 Apr 2025

    1371 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. From WordPress to Microsoft Office, by way of NVIDIA: vulnerabilities and urgent updates Cybersecurity, licensing bug, crash, CVE-2024-0132, CVE-2025-3102, exploit, Microsoft 365 Family, NVIDIA container, Office 2016, emergency patch, Wordpress https://t.co/xZ1ZKSOEAl

    @matricedigitale

    11 Apr 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 WordPress Alert: CVE-2025-3102 is being actively exploited in OttoKit (formerly SureTriggers). Attackers can create admin accounts & hijack sites. Patch now! #WordPress #cybersecurity https://t.co/Kzwo6ywE1m https://t.co/Kzwo6ywE1m

    @SalvadorCloud

    11 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. ALERT — A critical OttoKit plugin flaw (CVE-2025-3102) is under active attack: 100K+ WordPress sites at risk. Hackers can create admin accounts and fully take over vulnerable sites. Check admin users → Remove any suspicious accounts. 👉 Full details: https://t.co/IG8hKf1que ht

    @TheHackersNews

    11 Apr 2025

    9550 Impressions

    28 Retweets

    39 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 CVE-2025-3102 🔴 HIGH (8.1) 🏢 brainstormforce - OttoKit: All-in-One Automation Platform (Formerly SureTriggers) 🏗️ * 🔗 https://t.co/EAK8IggWhy 🔗 https://t.co/36R4gWPYz4 🔗 https://t.co/X3wsFJXYUr #CyberCron #VulnAlert #InfoSec https://t.co/UJTMHQ9hQo

    @cybercronai

    10 Apr 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨 A severe auth bypass flaw (CVE-2025-3102) in the OttoKit plugin for WordPress is being exploited just hours post-disclosure. Update to version 1.0.79 to prevent unauthorized access! 🔒 #WordPress #SecurityAlert #USA link: https://t.co/xHm2l7mXSq https://t.co/xwIQivfl83

    @TweetThreatNews

    10 Apr 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-3102 The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a miss… https://t.co/QfOEE3hjYX

    @CVEnew

    10 Apr 2025

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-3102: Incorrect Comparison in SureTriggers WP plugin, 8.1 rating❗️ Failure to check for an empty key value could allow an attacker to bypass the auth process. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/SCi4Trj0qC #cybersecurity #vulnerability_map https:/

    @Netlas_io

    10 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-3102 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-10 05:15:38 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/tGTkZGYZxd

    @vulns_space

    10 Apr 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

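  23. A serious vulnerability (CVE-2025-3102) has been found in the WordPress automation plugin "SureTriggers", putting more than 100,000 sites at risk of having administrator accounts created without authorization. In this issue, when the API key is not configured, without authentication the REST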

    @yousukezan

    10 Apr 2025

    3145 Impressions

    7 Retweets

    22 Likes

    5 Bookmarks

    1 Reply

    0 Quotes