Exploit for CVE-2025-3102

Name: Exploit for CVE-2025-3102
Rating: 5 (45 reviews)
2025-04-14 | CVSS 8.1
## https://sploitus.com/exploit?id=637A8045-FF1A-5BA6-B4E7-CCD4F716B892
# 🔐 CVE-2025-3102 – Authentication Bypass in SureTriggers WordPress Plugin

🚨 **CVE-2025-3102** is a critical authentication bypass vulnerability affecting the **SureTriggers: All-in-One Automation Platform** WordPress plugin, which is actively installed on over **100,000 websites**. Due to the nature of the flaw and the scale of deployment, this vulnerability poses a significant security risk.

---

## 🧠 Vulnerability Summary

- **CVE ID**: CVE-2025-3102  
- **Affected Plugin**: SureTriggers – All-in-One Automation Platform  
- **Versions Affected**: ≤ 1.0.78  
- **Vulnerability Type**: Authentication Bypass → Privilege Escalation  
- **Severity**: HIGH (8.1)  
- **CVSS Vector**: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`  

### 📄 Description

The SureTriggers plugin for WordPress is vulnerable to an **authentication bypass** that allows unauthenticated attackers to create **administrator accounts**. This is due to a **missing empty value check** on the `secret_key` inside the `autheticate_user` function.

When the plugin is installed and activated but **not configured with an API key**, attackers can bypass authentication by sending an empty `st_authorization` header, triggering actions reserved for authenticated users.

---

## ⚙️ Exploit Script Overview

A Python script is provided to automate exploitation of this vulnerability.  
This script allows you to generate a new admin user on vulnerable sites.

---

## 📋 Requirements

- A WordPress site with **SureTriggers ≤ v1.0.78**
- The plugin must be:
  - ✅ Installed
  - ✅ Activated
  - ❌ Not configured with an API Key

---

## 🚀 Features

- Automatic detection of plugin version via `readme.txt`
- Bypasses authentication using empty `st_authorization` header
- Creates administrator user via vulnerable REST API call
- Enhanced CLI interface with detailed output and validation
- Supports custom email, username, and password generation

---

## 🧪 Usage

```
usage: CVE-2025-3102.py [-h] -u URL [-nmail NEWMAIL] [-nu NEWUSER] [-np NEWPASSWORD]

SureTriggers <= 1.0.78 - Authorization Bypass Exploit  
By: rHz0d

options:
  -h, --help              Show this help message and exit
  -u, --url URL           Target WordPress base URL
  -nmail, --newmail NEWMAIL       Email to register
  -nu, --newuser NEWUSER          Username to register
  -np, --newpassword NEWPASSWORD  Password for the new user
```

---

## 📤 Output Example

```
[+] Detected plugin version: 1.0.78
[+] Vulnerable version detected. Proceeding...
[*] Exploiting the target in 3 seconds...
[+] Email generated: evil@example.com
[+] Username generated: eviluser
[+] Password generated: P@ssw0rd123!
[+] Exploit Successful!
[+] Login credentials: eviluser:P@ssw0rd123!
```

---

## ⚠️ Disclaimer

This script is provided **for educational purposes only**.  
Unauthorized use of this code against targets without explicit permission is **illegal**.  
The author assumes **no liability** for any misuse or damage caused.

---

*By: rHz0d*