Brainstorm Force SureTriggers CVE-2025-27007
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82.
AnalysisAI
The SureTriggers WordPress plugin through version 1.0.82 contains a privilege escalation vulnerability that allows unauthenticated attackers to elevate their access to administrator level. This is a separate, broader vulnerability than the earlier CVE-2025-3102, affecting more installations since it works even on configured instances.
Technical ContextAI
Unlike the earlier secret_key bypass (CVE-2025-3102) which only worked on unconfigured installations, this Incorrect Privilege Assignment vulnerability affects all SureTriggers instances through version 1.0.82. The plugin's user management API contains a logic flaw that allows unauthenticated users to assign themselves the administrator role through crafted API requests.
Affected ProductsAI
SureTriggers: All-in-One Automation Platform <= 1.0.82
RemediationAI
Update to SureTriggers 1.0.83 or later immediately. Audit WordPress user accounts for unauthorized administrators. Review plugin installations for unknown entries. Enable WordPress activity logging to detect future unauthorized privilege changes.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today