
CVE-2025-27007 – WordPress SureTriggers <= 1.0.82 - Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2025-27007
30 Apr 2025 — Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82. The OttoKit: All-in-One Automation Platform (Formerly SureTriggers) plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.82. This is due to the create_wp_connection() function missing a capability check and insufficiently verifying a user's authentication credentials. This makes it possible for unau... • https://packetstorm.news/files/id/190854 • CWE-266: Incorrect Privilege Assignment • CWE-862: Missing Authorization •

CVE-2023-49749 – WordPress SureTriggers Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-49749
04 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!. This issue affects SureTriggers – Connect All Your Plugins, Apps, Tools & Automate Everything!: from n/a through 1.0.23. • https://patchstack.com/database/vulnerability/suretriggers/wordpress-suretriggers-plugin-1-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •