Recently disclosed lack of high -speed security that affects the impact Flow (Previously, Suretriggers) were actively exploited within hours of public disclosure.
Vulnerability tracked as Cve-2025-3102 (CVSS assessment: 8.1) is a permit mistake that can allow the attacker to create administrator accounts under certain conditions and take under control the sensitive web.
“Suretriggers: All-In-Automation Platform for WordPress is vulnerable to the authentication ass withdrawal, leading to an administrative account due to the lack of an empty check” secret_key “in the” Auttict_user “feature in all versions and including, including, 1.0.78” “Wordfence istván márton márton – Note.
“This allows unauthorized attackers to create administrator credentials on the target site when the plugin is installed and activated, but not set up with the API key.”
Successful exploitation of vulnerability can allow the attacker to gain complete control over the WordPress site and use unauthorized access to the download of arbitrary plugins, make malicious modifications to maintain malware or spam and even redirect site visitors to other sketches.
Safety Research Michael Macalini . version 1.0.79 From the plugin released on April 3, 2025.
Ottokit offers WordPress users to connect to various applications and plugins through workflows that can be used to automate recurrent tasks.
While the plugin has more than 100,000 active installations, it notes that only the subsequent sites are actually operated due to the fact that it depends on the plugin in an unregulated state despite the installation and activation.
Given this, the attackers have already jumped up for operation, trying to quickly use the disclosure to create fake administrator accounts with the name “XTW1838783BC”, for the patch.
“Because it is randomized, it is very likely to be considered that the username, password and nickname will be different for each operating attempt,” – WordPress security company – Note.
Attempts to attack arose from two different IP -Dasters –
- 2a01: E5C0: 3167 :: 2 (IPv6)
- 89.169.15.201 (IPv4)
In light of the active operation of WordPress owners, which rely on the plugin, it is recommended to apply updates to optimal protection as soon as possible, check the availability of suspicious administrator accounts and delete them.
