SureTriggers Vulnerability Impacts More Than 100,000 WordPress Sites

A significant security flaw in the SureTriggers plugin for WordPress has been brought to light, leaving over 100,000 websites vulnerable to potential attacks. This vulnerability, known as CVE-2025-3102, has been classified with a high severity rating, scoring 8.1 on the CVSS scale. The exploitable flaw allows unauthorized individuals to create administrator accounts under specific conditions, potentially granting them full control over the websites in question.

SureTriggers, previously known as OttoKit, is an automation platform that aims to streamline online workflows by connecting various web apps, services, and WordPress plugins. However, this popular plugin has now become a cause for concern within the cybersecurity community because of this critical vulnerability.

Shortly after the vulnerability was disclosed publicly, reports from Wordfence Intelligence revealed active exploitation. The vulnerability stems from an authorization bypass caused by a missing empty value check in the plugin’s authenticate_user() function. This flaw can be abused by attackers if the plugin is installed and activated without configuring an API key, a common oversight with newly installed plugins.

The discovery of this vulnerability is credited to security researcher mikemyers, who received a bug bounty of $1,024 for identifying the issue. The impact of this vulnerability spans across all versions of SureTriggers up to version 1.0.78, prompting users to update to the patched version, 1.0.79, to safeguard their websites against potential threats.

Within the plugin’s code, the flaw originates from the authenticate_user() function within the RestController class. This function is designed to authenticate API requests using a secret key found in the request header. However, the lack of validation for empty values means that even with a blank secret key provided by an attacker, the authentication check can be bypassed, granting unauthorized access to REST API endpoints.
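The missing empty-value check described above can be modelled in a few lines. This is an added example, not code from the SureTriggers plugin or from the original article: the function names, parameters and sample values are hypothetical, and the secret is passed in as an argument rather than read from a real header or option.

```php
<?php
declare(strict_types=1);

// Simplified model of a shared-secret check, not SureTriggers source code.
// $stored stands for the configured API key ('' when none has been set);
// $provided stands for the secret taken from the request header.

// Vulnerable pattern: a plain equality test. On an unconfigured site the
// stored key is empty, so a blank header value compares equal and passes.
function check_secret_vulnerable(?string $provided, string $stored): bool
{
    return (string) $provided === $stored;
}

// Hardened pattern: fail closed when either side is empty, then compare
// in constant time.
function check_secret_hardened(?string $provided, string $stored): bool
{
    if ($stored === '' || $provided === null || $provided === '') {
        return false;
    }
    return hash_equals($stored, $provided);
}

// Constructed cases: [description, provided header value, stored key]
$cases = [
    ['configured site, correct key',     's3cr3t-example', 's3cr3t-example'],
    ['configured site, wrong key',       'guess',          's3cr3t-example'],
    ['configured site, blank header',    '',               's3cr3t-example'],
    ['unconfigured site, blank header',  '',               ''],
    ['unconfigured site, header absent', null,             ''],
];

foreach ($cases as [$label, $provided, $stored]) {
    printf(
        "%-36s vulnerable=%-5s hardened=%s\n",
        $label,
        var_export(check_secret_vulnerable($provided, $stored), true),
        var_export(check_secret_hardened($provided, $stored), true)
    );
}
```

The two functions disagree only on the unconfigured cases, which is the condition the article names: the plugin installed and activated without an API key.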

Once attackers gain administrative access through this vulnerability, they can carry out malicious activities such as uploading harmful themes or plugins, injecting spam or malware, or redirecting users to malicious external sites. The consequences of such a breach range from damaging search engine optimization (SEO) to compromising customer data, highlighting the severity of the issue at hand.

What makes this SureTriggers vulnerability particularly alarming is that attackers don’t need prior access or login credentials—only a vulnerable, unconfigured version of the plugin running on the target site. This underscores the importance of secure default configurations for plugin developers to prevent such exploits.

In conclusion, the SureTriggers vulnerability serves as a reminder of the crucial nature of proactive site security and timely updates within the WordPress ecosystem. Security experts advise users to update to version 1.0.79 or later, even for inactive but installed plugins, as unpatched versions remain exploitable. Administrators are also urged to conduct thorough audits of plugin settings and watch for unauthorized admin accounts to mitigate the risk of potential attacks. Failure to address such vulnerabilities could open the door to further exploitation, emphasizing the need for vigilance and diligence in maintaining website security.
