Related vulnerability
Title:
WordPress plugin SureTriggers security vulnerability
(CVE-2025-3102)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; it lets users host a personal blog on a server running PHP and MySQL. A WordPress plugin is an add-on application for that platform. The SureTriggers plugin for WordPress, in versions 1.0.78 and earlier, contains a security vulnerability that stems from an authentication bypass and may allow the creation of administrator accounts.
Description
WordPress SureTriggers <= 1.0.78 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
Introduction
# 🔐 CVE-2025-3102 – Authentication Bypass in SureTriggers WordPress Plugin
🚨 **CVE-2025-3102** is a critical authentication bypass vulnerability affecting the **SureTriggers: All-in-One Automation Platform** WordPress plugin, which has over **100,000 active installations**. Because the flaw is reachable without authentication and the plugin is widely deployed, this vulnerability poses a significant security risk.
---
## 🧠 Vulnerability Summary
- **CVE ID**: CVE-2025-3102
- **Affected Plugin**: SureTriggers – All-in-One Automation Platform
- **Versions Affected**: ≤ 1.0.78
- **Vulnerability Type**: Authentication Bypass → Privilege Escalation
- **Severity**: HIGH (8.1)
- **CVSS Vector**: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`
### 📄 Description
The SureTriggers plugin for WordPress is vulnerable to an **authentication bypass** that allows unauthenticated attackers to create **administrator accounts**. This is due to a **missing empty value check** on the `secret_key` inside the `autheticate_user` function.
When the plugin is installed and activated but **not configured with an API key**, attackers can bypass authentication by sending an empty `st_authorization` header, triggering actions reserved for authenticated users.
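To make the flaw concrete, the following PHP illustration (added here, not the plugin's own code) places the vulnerable comparison beside a hardened one. `get_stored_secret_key()` is a hypothetical stand-in for however the plugin reads its configured API key; the only assumption is that an unconfigured install yields an empty string.

```php
<?php
// Illustrative reconstruction of the flawed pattern; NOT the plugin's actual code.
// Assumption: when no API key has been configured, the stored key is ''.

function get_stored_secret_key(): string {
    // Hypothetical stand-in for reading the plugin's stored API key.
    // An unconfigured installation has no key, so this returns ''.
    return '';
}

// Vulnerable pattern: a plain equality check with no emptiness guard.
// With the plugin unconfigured, the stored key is '' and a request whose
// st_authorization header is empty also supplies '', so the two values
// match and the request is treated as authenticated.
function authenticate_user_vulnerable(array $headers): bool {
    $secret_key = get_stored_secret_key();
    $provided   = $headers['st_authorization'] ?? '';
    return $provided === $secret_key;
}

// Hardened pattern: deny outright when either side is empty (the plugin is
// unconfigured, or the header is missing/blank), then compare in constant time.
function authenticate_user_fixed(array $headers): bool {
    $secret_key = get_stored_secret_key();
    $provided   = $headers['st_authorization'] ?? '';
    if ($secret_key === '' || $provided === '') {
        return false;
    }
    return hash_equals($secret_key, $provided);
}

// Constructed sample request: the empty-header case the description above refers to.
$request_headers = ['st_authorization' => ''];
var_dump(authenticate_user_vulnerable($request_headers)); // empty matches empty: bypass
var_dump(authenticate_user_fixed($request_headers));      // empty values are rejected
```

The same guard is why the advisory's precondition matters: once a non-empty key is configured, the vulnerable comparison no longer matches an empty header either, but only the hardened form is safe in the unconfigured state.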
---
## ⚙️ Exploit Script Overview
A Python script is provided to automate exploitation of this vulnerability.
This script allows you to generate a new admin user on vulnerable sites.
---
## 📋 Requirements
- A WordPress site with **SureTriggers ≤ v1.0.78**
- The plugin must be:
  - ✅ Installed
  - ✅ Activated
  - ❌ Not configured with an API Key
---
## 🚀 Features
- Automatic detection of plugin version via `readme.txt`
- Bypasses authentication using empty `st_authorization` header
- Creates administrator user via vulnerable REST API call
- Enhanced CLI interface with detailed output and validation
- Supports custom email, username, and password generation
---
## 🧪 Usage
```
usage: CVE-2025-3102.py [-h] -u URL [-nmail NEWMAIL] [-nu NEWUSER] [-np NEWPASSWORD]
SureTriggers <= 1.0.78 - Authorization Bypass Exploit
By: rHz0d
options:
  -h, --help                      Show this help message and exit
  -u, --url URL                   Target WordPress base URL
  -nmail, --newmail NEWMAIL       Email to register
  -nu, --newuser NEWUSER          Username to register
  -np, --newpassword NEWPASSWORD  Password for the new user
```
---
## 📤 Output Example
```
[+] Detected plugin version: 1.0.78
[+] Vulnerable version detected. Proceeding...
[*] Exploiting the target in 3 seconds...
[+] Email generated: evil@example.com
[+] Username generated: eviluser
[+] Password generated: P@ssw0rd123!
[+] Exploit Successful!
[+] Login credentials: eviluser:P@ssw0rd123!
```
---
## ⚠️ Disclaimer
This script is provided **for educational purposes only**.
Unauthorized use of this code against targets without explicit permission is **illegal**.
The author assumes **no liability** for any misuse or damage caused.
---
*By: rHz0d*
File snapshot
[4.0K] /data/pocs/fe2b32a433b93d234cb6a1eec64d0699ffd17d46
├── [5.2K] CVE-2025-3102.py
├── [1.0K] LICENCE
└── [3.0K] README.md
0 directories, 3 files
Notes
1. Accessing the PoC through its original source is recommended.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.