漏洞描述
WordPress的SureTriggers插件是一款用于自动化任务的插件,旨在简化用户的工作流程。然而,该插件的所有版本(包括1.0.78版本)中存在身份验证绕过漏洞。漏洞位于'authenticate_user'函数中,由于未对'secret_key'值进行空值检查,攻击者可以利用该漏洞在未配置API密钥的情况下创建管理员账户,从而对目标网站造成严重威胁。
WordPress Plugin Suretriggers /wp-json/sure-triggers/v1/automation/action 未授权访问漏洞(CVE-2025-3102)
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- WordPress plugin WP JobHunt 跨站脚本漏洞
- Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL 注入漏洞 (CVE-2025-4204)
- WordPress plugin Events Addon for Elementor 跨站脚本漏洞
- WordPress plugin Related Posts Lite 跨站请求伪造漏洞
- WordPress plugin TablePress 跨站脚本漏洞
- WordPress plugin Ocean Extra 跨站脚本漏洞
- CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
- WordPress Plugin email-subscribers /wp-admin/admin-post.php advanced_filter SQL 注入漏洞(CVE-2024-2876)
- POC CVE-2011-5106: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
- POC CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
- POC CVE-2012-4242: WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting
- POC CVE-2012-6499: WordPress Plugin Age Verification v0.4 - Open Redirect