Summary: A serious vulnerability in the SureTriggers plugin for WordPress, identified as CVE-2025-3102 with a CVSS score of 8.1, puts over 100,000 websites at risk by allowing unauthorized users to create administrator accounts. Discovered by researcher mikemyers, the flaw came under active exploitation shortly after its disclosure, so affected users need to update immediately. This highlights the critical need for robust plugin security and proper configurations in the WordPress environment.
Affected: SureTriggers plugin for WordPress
Keypoints:
- The vulnerability allows unauthorized account creation under specific conditions, potentially leading to full site control.
- Active exploitation began just hours after the vulnerability was disclosed, underscoring immediate risks for users.
- Users are urged to update to version 1.0.79 to patch the vulnerability and review their plugin configurations for security.
Source: https://thecyberexpress.com/suretriggers-vulnerability/