## https://sploitus.com/exploit?id=FFD9656F-C31B-5D7D-BE4A-5FB2F4027106
# SureTriggers <= 1.0.78 - Authorization Bypass Exploit

This tool exploits an **authorization bypass vulnerability** in the SureTriggers WordPress plugin (versions <= 1.0.78), allowing unauthenticated attackers to create new WordPress user accounts.

> 🔥 Developed by [0xgh057r3c0n](https://github.com/0xgh057r3c0n)

---

## 📌 Vulnerability Details

- **Plugin Name:** SureTriggers
- **Affected Versions:** <= 1.0.78
- **CVE:** Pending
- **Vulnerability Type:** Authorization Bypass → Unauthenticated User Creation
- **Attack Vector:** Remote (unauthenticated HTTP POST request)
- **Impact:** Allows arbitrary user registration with attacker-defined credentials.

---

## โš™๏ธ Features

- Automatically fetches and verifies the installed plugin version
- Bypasses authorization and creates a new WordPress user
- Customizable email, username, and password via CLI
- Color-coded terminal output
- Default credentials available for fast testing

---

## 🚀 Usage

### 🔧 Requirements

- Python 3.x
- Modules: `requests`, `colorama`

Install dependencies:

```bash
pip3 install -r requirements.txt
```

Or manually:

```bash
pip3 install requests colorama
```

---

### ๐Ÿ› ๏ธ Running the Exploit

```bash
python3 CVE-2025-3102.py -u <target_url> [--newmail <email>] [--newuser <username>] [--newpassword <password>]
```

#### ๐Ÿ” Example:

```bash
python3 CVE-2025-3102.py -u https://target-site.com --newuser hacker --newpassword Pass123!
```

---

## 📋 Options

| Argument        | Description                    | Default                                                                   |
| --------------- | ------------------------------ | ------------------------------------------------------------------------- |
| `-u`, `--url`   | Base URL of the WordPress site | *Required*                                                                |
| `--newmail`     | Email address for the new user | [gauravbhattacharjee54@gmail.com](mailto:gauravbhattacharjee54@gmail.com) |
| `--newuser`     | Username to create             | 0xgh057r3c0n                                                              |
| `--newpassword` | Password for the new user      | Wiz007\@8876@                                                             |

---

## 🧠 How It Works

1. Checks the plugin version by reading `readme.txt`.
2. Constructs a special request to `wp-json/sure-triggers/v1/automation/action`.
3. Sends a POST request to create a user, exploiting the missing authentication.
4. Displays success or failure with credential info.
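
For defenders, the request described in steps 2 and 3 leaves a recognizable trace in web server access logs. The following is an added example, not part of the original tool or README: it scans Combined Log Format lines for POST requests to the route above, also covering the `?rest_route=` query form of the WordPress REST API. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

ROUTE = "/sure-triggers/v1/automation/action"  # REST route named in step 2

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def hits_route(target: str) -> bool:
    """True if the request target addresses ROUTE, through the /wp-json/
    path or the ?rest_route= query form of the WordPress REST API."""
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/").endswith("/wp-json" + ROUTE):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == ROUTE for r in routes)

def find_suspect_requests(lines):
    """Return (ip, time, status) for every POST that reaches ROUTE."""
    found = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and hits_route(m["target"]):
            found.append((m["ip"], m["time"], int(m["status"])))
    return found

def per_ip(found):
    """Count flagged requests per client address for triage."""
    return Counter(ip for ip, _, _ in found)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2025:09:14:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2025:09:14:03 +0000] "POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1" 200 231 "-" "python-requests/2.31.0"',
    '198.51.100.7 - - [10/Apr/2025:09:14:09 +0000] "POST /?rest_route=%2Fsure-triggers%2Fv1%2Fautomation%2Faction HTTP/1.1" 200 231 "-" "python-requests/2.31.0"',
    '192.0.2.44 - - [10/Apr/2025:09:20:40 +0000] "GET /wp-json/sure-triggers/v1/automation/action HTTP/1.1" 404 98 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for ip, when, status in find_suspect_requests(SAMPLE_LOG):
        print(f"{when}  {ip}  POST {ROUTE}  -> {status}")
```

A hit is a lead rather than proof of compromise; correlate flagged timestamps with recently created accounts in the WordPress user list.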

---

## โš ๏ธ Disclaimer

> This tool is provided for **educational and authorized penetration testing purposes only**.
> **Unauthorized access to systems is illegal** and punishable under law.
> The author is not responsible for any misuse or damage caused.

---

## 📞 Author

* **Name:** Gaurav Bhattacharjee (aka 0xgh057r3c0n)
* **GitHub:** [github.com/0xgh057r3c0n](https://github.com/0xgh057r3c0n)
* **Email:** [gauravbhattacharjee54@gmail.com](mailto:gauravbhattacharjee54@gmail.com)
* **LinkedIn:** [linkedin.com/in/gaurav-bhattacharjee](https://www.linkedin.com/in/gaurav-bhattacharjee/)

---