module
WordPress SureTriggers (aka OttoKit) Combined Auth Bypass (CVE-2025-3102, CVE-2025-27007)
Disclosed |
---|
Mar 13, 2025 |
Description
Exploits two distinct authorization bypasses in the SureTriggers/OttoKit plugin:
- CVE-2025-3102: admin creation via St-Authorization Bearer (empty)
- CVE-2025-27007: reset access key via connection endpoint & admin creation with Bearer header
