WordPress plugin security update advisory
Overview
We have released a security update to address vulnerabilities in our WordPress plugin. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-27007, CVE-2025-3102: OttoKit (SureTriggers), version 1.0.82 and earlier
Resolved Vulnerabilities
Privilege escalation vulnerability (CVE-2025-27007)
Administrator account creation vulnerability (CVE-2025-3102)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest update. Follow the instructions on the referenced sites to update to the patched version.
CVE-2025-27007, CVE-2025-3102: OttoKit (SureTriggers), version 1.0.83
References
[1] OttoKit: All-in-One Automation Platform (Formerly SureTriggers) <= 1.0.82 – Unauthenticated Privilege Escalation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/suretriggers/suretriggers-1082-unauthenticated-privilege-escalation
[2] SureTriggers <= 1.0.78 – Authorization Bypass due to Missing Empty Value Check to Unauthenticated Administrative User Creation
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/suretriggers/suretriggers-1078-authorization-bypass-due-to-missing-empty-value-check-to-unauthenticated-administrative-user-creation