CVE-2025-27007

CRITICAL · EXPLOITED · NUCLEI

OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation

Title source: nuclei

Exploitation Summary

CVE-2025-27007 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 4 public exploits from researchers including Abdualhadi khalifa, cybersecplayground, absholi7ly, including a Metasploit module exploits/multi/http/wp_suretriggers_auth_bypass. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in the SureTriggers OttoKit plugin ≤ 1.0.82. It leverages an uninitialized plugin state to create an administrator account via a REST API endpoint.

Description

Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through <= 1.0.82.

Exploits (4)

exploitdb · WORKING POC
by Abdualhadi khalifa · text · webapps · multiple
https://www.exploit-db.com/exploits/52286

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SureTriggers OttoKit Plugin ≤ 1.0.82
No auth needed
Prerequisites: OttoKit installed and activated · Plugin uninitialized (no API key or secret_key set) · REST API endpoint accessible
Analyzed by devstral-2 · Feb 16, 2026
github · WRITEUP · 7 stars
by cybersecplayground · poc
https://github.com/cybersecplayground/PoC-and-CVE-Reports/tree/main/2025/CVE-2025-27007.md

The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-10914 (command injection in account_mgr.cgi), CVE-2024-22024 (XXE in Ivanti Connect Secure), and CVE-2024-22120 (SQLi to RCE in Zabbix). Each writeup includes vulnerability descriptions, proof-of-concept examples, mitigation recommendations, and references.

Classification: Writeup (95%)
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Multiple (account_mgr.cgi, Ivanti Connect Secure, Zabbix, etc.)
No auth needed
Prerequisites: Access to vulnerable endpoints · Basic understanding of exploit techniques
Analyzed by devstral-2 · Feb 27, 2026
nomisec · WORKING POC · 3 stars
by absholi7ly · remote
https://github.com/absholi7ly/CVE-2025-27007-OttoKit-exploit

This repository provides a working proof-of-concept for CVE-2025-27007, an authentication bypass and privilege escalation vulnerability in OttoKit (SureTriggers) for WordPress. The exploit leverages an uninitialized plugin state to create an administrator account via a crafted HTTP POST request to the REST API endpoint.

Classification: Working PoC (95%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: OttoKit (SureTriggers) for WordPress ≤ 1.0.82
No auth needed
Prerequisites: OttoKit (SureTriggers) plugin installed and activated · Plugin uninitialized (no API key or secret_key set) · REST API endpoint '/wp-json/sure-triggers/v1/automation/action' accessible
Analyzed by devstral-2 · Feb 16, 2026
metasploit · WORKING POC · EXCELLENT
by Michael Mazzolini (mikemyers), Denver Jackson, Khaled Alenazi (Nxploited), Valentin Lobstein · ruby · poc · php
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_suretriggers_auth_bypass.rb

This Metasploit module exploits two distinct authorization bypass vulnerabilities (CVE-2025-3102 and CVE-2025-27007) in the WordPress SureTriggers (OttoKit) plugin to create an administrator account and achieve remote code execution.

Classification: Working PoC (100%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WordPress SureTriggers (OttoKit) plugin <= 1.0.82
No auth needed
Prerequisites: Target running vulnerable version of SureTriggers/OttoKit plugin · Network access to WordPress site
Analyzed by devstral-2 · Feb 16, 2026

Nuclei Templates (1)

OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
CRITICAL · VERIFIED · by iamnoooob, rootxharsh, pdresearch

Scores

CVSS v3: 9.8
EPSS: 0.8296
EPSS Percentile: 99.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2025-04-30
CWE: CWE-266
Status: published
Products (2)
Brainstorm Force/OttoKit < 1.0.82
Brainstorm Force/SureTriggers < 1.0.82
Published: May 01, 2025
Tracked Since: Feb 18, 2026