100,000 WordPress Sites Vulnerable to Rogue Creation Vulnerability
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability affecting over 100,000 WordPress websites has been discovered in the SureTriggers WordPress plugin, potentially allowing attackers to create unauthorized administrator accounts.
The flaw, identified as CVE-2025-3102 with a CVSS score of 8.1 (High), impacts all versions of the plugin up to and including 1.0.78.
The vulnerability specifically targets websites where the plugin is installed and activated but not properly configured with an API key.
The security issue stems from an authentication bypass in the plugin’s REST API endpoint handling, which fails to properly validate empty secret key values.
When exploited, attackers can leverage this oversight to create administrator accounts without authentication, leading to complete site compromise.
Once administrative access is gained, malicious actors can upload backdoors, inject malware, redirect users to phishing sites, or insert spam content throughout the affected website.
Wordfence researchers identified the vulnerability on March 13th, 2025, through their Bug Bounty Program.
Security researcher mikemyers, who discovered and responsibly reported the issue, received a $1,024 bounty for the finding. Following the discovery, Wordfence promptly notified the plugin’s developer, Brainstorm Force, who released a patched version on April 3rd, 2025.
The vulnerability’s technical nature reveals a concerning oversight in the plugin’s security architecture.
The issue exists in the autheticate_user() function, which handles permission checks for the plugin’s REST API endpoints. The function compares the secret key in the request header with the configured secret key but fails to check for empty values.
Analysis of the Vulnerability
Examining the vulnerable code reveals how the authentication bypass occurs:-
public function autheticate_user($request) { $secret_key = $request->get_header('st_authorization'); list($secret_key) = sscanf($secret_key, 'Bearer %s');
if ($this->secret_key !== $secret_key) { return false; }
return true; }
The critical flaw is evident in the conditional statement that only compares the secret keys for inequality without verifying if either is empty.
Consequently, when both the plugin’s configured key and the attacker-supplied key are empty, the condition evaluates to true, granting the attacker access to the REST API endpoint.
Through this endpoint, attackers can execute the run_action() function to create administrator accounts without any authentication.
WordPress site administrators are strongly urged to update to version 1.0.79 immediately.
Also Read:
0-Click RCE in the SuperNote Nomad E-ink Tablet Lets Hackers Install Rootkit & Gain Full Control
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
100,000 WordPress Sites Vulnerable to Rogue Creation Vulnerability
Author: Tushar Subhra DuttaA critical vulnerability affecting over 100,000 WordPress websites has been discovered in the SureTriggers WordPress plugin, potentially allowing attackers to create unauthorized administrator accounts.
The flaw, identified as CVE-2025-3102 with a CVSS score of 8.1 (High), impacts all versions of the plugin up to and including 1.0.78.
The vulnerability specifically targets websites where the plugin is installed and activated but not properly configured with an API key.
The security issue stems from an authentication bypass in the plugin’s REST API endpoint handling, which fails to properly validate empty secret key values.
When exploited, attackers can leverage this oversight to create administrator accounts without authentication, leading to complete site compromise.
Once administrative access is gained, malicious actors can upload backdoors, inject malware, redirect users to phishing sites, or insert spam content throughout the affected website.
Wordfence researchers identified the vulnerability on March 13th, 2025, through their Bug Bounty Program.
Security researcher mikemyers, who discovered and responsibly reported the issue, received a $1,024 bounty for the finding. Following the discovery, Wordfence promptly notified the plugin’s developer, Brainstorm Force, who released a patched version on April 3rd, 2025.
The vulnerability’s technical nature reveals a concerning oversight in the plugin’s security architecture.
The issue exists in the autheticate_user() function, which handles permission checks for the plugin’s REST API endpoints. The function compares the secret key in the request header with the configured secret key but fails to check for empty values.
Analysis of the Vulnerability
Examining the vulnerable code reveals how the authentication bypass occurs:-
public function autheticate_user($request) { $secret_key = $request->get_header('st_authorization'); list($secret_key) = sscanf($secret_key, 'Bearer %s');
if ($this->secret_key !== $secret_key) { return false; }
return true; }
The critical flaw is evident in the conditional statement that only compares the secret keys for inequality without verifying if either is empty.
Consequently, when both the plugin’s configured key and the attacker-supplied key are empty, the condition evaluates to true, granting the attacker access to the REST API endpoint.
Through this endpoint, attackers can execute the run_action() function to create administrator accounts without any authentication.
WordPress site administrators are strongly urged to update to version 1.0.79 immediately.
Also Read:
0-Click RCE in the SuperNote Nomad E-ink Tablet Lets Hackers Install Rootkit & Gain Full Control
#Cyber_Security_News #Vulnerability #cyber_security_news #vulnerability
Оригинальная версия на сайте:
