Summary: A critical vulnerability in the WordPress automation plugin SureTriggers has been identified, exposing over 100,000 sites to the risk of unauthorized administrative account creation. This flaw, tracked as CVE-2025-3102, allows attackers to bypass authentication when the plugin is not properly configured, potentially leading to full site compromise. Users are urged to update to the patched version immediately and check for rogue admin accounts.
Affected: SureTriggers Plugin
Key points:
- Vulnerability CVE-2025-3102 allows unauthenticated administrative account creation.
- Attackers can exploit the flaw by sending blank secret keys if the plugin lacks proper configuration.
- Instances of exploitation were observed within hours of the vulnerability’s disclosure.
- Immediate update to SureTriggers version 1.0.79 or later is recommended to mitigate risks.
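The key points describe a shared-secret check that is satisfied by a blank key whenever no secret has been configured. The snippet below is an added illustration of that bug class and its fix, written for this page; it is not SureTriggers' code, and the function names, parameter names and the exact comparison are assumptions used for illustration only.

```php
<?php
// Added example (not the plugin's own code). Shows why an unconfigured
// (empty) secret lets a blank submitted key through, and how a fail-closed
// check prevents it. Names below are hypothetical.

// Vulnerable pattern: when nothing was ever configured, $stored_secret is ''
// and a request carrying an empty key compares equal to it.
function verify_secret_vulnerable(string $stored_secret, ?string $submitted): bool {
    // '' === '' is true, so the check passes with no secret at all.
    return $stored_secret === (string) $submitted;
}

// Hardened pattern: deny when no secret is configured, deny blank input,
// and compare in constant time so the check cannot be timed.
function verify_secret_hardened(string $stored_secret, ?string $submitted): bool {
    if ($stored_secret === '' || $submitted === null || $submitted === '') {
        return false; // missing configuration or missing key: fail closed
    }
    return hash_equals($stored_secret, $submitted);
}

// Constructed scenarios exercising both checks.
$cases = [
    ['stored' => '',       'sent' => '',       'label' => 'unconfigured plugin, blank key'],
    ['stored' => 's3cret', 'sent' => '',       'label' => 'configured, blank key'],
    ['stored' => 's3cret', 'sent' => 's3cret', 'label' => 'configured, correct key'],
    ['stored' => 's3cret', 'sent' => 'wrong',  'label' => 'configured, wrong key'],
];
foreach ($cases as $c) {
    printf("%-35s vulnerable=%-5s hardened=%s\n", $c['label'],
        var_export(verify_secret_vulnerable($c['stored'], $c['sent']), true),
        var_export(verify_secret_hardened($c['stored'], $c['sent']), true));
}
```

Only the first scenario differs between the two checks: the vulnerable version accepts the blank key against an empty stored secret, while the hardened version refuses it because an absent secret is treated as "no valid key exists" rather than "any key matches".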