The SureTriggers plug-in is active on 100,000 WordPress instances. IT security researchers have discovered a security vulnerability in it that endangers these instances.
In a blog post, Wordfence IT researchers explain that attackers from the network can create administrative user accounts without prior authentication. If no API key is set in the SureTriggers plug-in, attackers can add users and thus compromise the WordPress instance (CVE-2025-3102, CVSS 8.1, risk "high").
A closer look at the plug-in vulnerability
The WordPress plug-in "SureTriggers: All-in-One Automation Platform" is vulnerable to an authentication bypass that can lead to the creation of an administrative account. The cause is a missing check of the 'secret_key' value in the 'autheticate_user' function in all versions up to and including 1.0.78. The Wordfence analysis goes into more depth and shows the vulnerable code snippet.
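How a missing check on an unset key produces this kind of bypass, shown beside a check that fails closed. This is an added illustration, not the plug-in's code and not the snippet from the Wordfence analysis; the function names, the way the key is passed in, and the sample values are assumptions.

```php
<?php
// Added illustration, not SureTriggers code. All names and values below are
// hypothetical and constructed for this sketch.

/** Normalise the key a request supplied; null means "no key was sent". */
function normalise_key(?string $supplied): string
{
    return $supplied === null ? '' : trim($supplied);
}

/** Flawed pattern: the two values are compared, but neither is checked
 *  for being empty, so "nothing configured" matches "nothing supplied". */
function authenticate_flawed(string $configured, ?string $supplied): bool
{
    return normalise_key($supplied) === $configured;
}

/** Hardened pattern: fail closed when no key is configured or supplied,
 *  then compare in constant time. */
function authenticate_hardened(string $configured, ?string $supplied): bool
{
    $key = normalise_key($supplied);
    if ($configured === '' || $key === '') {
        return false;
    }
    return hash_equals($configured, $key);
}

// Constructed cases: label => [configured key, key sent with the request]
$cases = [
    'key unset, none supplied'  => ['', null],
    'key unset, blank supplied' => ['', '   '],
    'key set, none supplied'    => ['constructed-key-123', null],
    'key set, wrong supplied'   => ['constructed-key-123', 'guess'],
    'key set, correct supplied' => ['constructed-key-123', 'constructed-key-123'],
];

foreach ($cases as $label => [$configured, $supplied]) {
    printf(
        "%-27s flawed=%-5s hardened=%s\n",
        $label,
        var_export(authenticate_flawed($configured, $supplied), true),
        var_export(authenticate_hardened($configured, $supplied), true)
    );
}
```

The two functions disagree only in the rows where no key is configured, which is the plug-in state the advisory describes as exposed.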
The SureTriggers developers released version 1.0.79 on Thursday of last week. It closes the vulnerability. WordPress operators who use the SureTriggers plug-in should make sure that they have updated to it or are running a newer version. At the very least, attacks on the vulnerability are to be expected.
Due to the large number of WordPress plug-ins available, there are dozens of security vulnerabilities every day. Fortunately, most of the affected plug-ins are not widespread. Last week, however, a vulnerability became known in the WordPress plug-in WP Ultimate CSV Importer, which is active on around 20,000 WordPress sites. If attackers have access to an account on a WordPress instance equipped with it, the flaw also allows them to take over the instance completely. An updated software version is available for this as well, and administrators should install it quickly.
(DMK)