CVE-2025-3102
HIGH | EXPLOITED | NUCLEI
SureTriggers - All-in-One Automation Platform < 1.0.78 - Authentication Bypass
Title source: nuclei
Exploitation Summary
CVE-2025-3102 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 12 public exploits from researchers including iSee857, Nxploited, and itsismarcos, as well as a Metasploit module (exploits/multi/http/wp_suretriggers_auth_bypass).
A Nuclei detection template is also available.
AI-analyzed exploit summary: The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.
Description
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Exploits (12)
The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.
This repository contains a functional Python exploit for CVE-2025-3102, an authentication bypass vulnerability in the SureTriggers WordPress plugin (≤ 1.0.78). The exploit creates an administrator account by leveraging a missing empty value check on the `st_authorization` header.
This repository contains a functional exploit for CVE-2025-3102, targeting the WordPress SureTriggers plugin (<= 1.0.78). The exploit automates the creation of an administrator account via an unauthenticated API endpoint and includes additional features like webshell upload and brute-forcing.
This is a functional exploit PoC for CVE-2025-3102, an authentication bypass vulnerability in the SureTriggers WordPress plugin. It allows unauthenticated attackers to create administrator accounts by exploiting a missing empty value check on the `secret_key` in the `autheticate_user` function.
This YAML file contains a functional exploit for CVE-2025-3102, an authorization bypass in the SureTriggers WordPress plugin. It sends a crafted HTTP POST request to create a new user without authentication by leveraging a missing authorization check in the plugin's API endpoint.
The repository contains functional exploit code for CVE-2025-3102, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.
This PoC exploits an authentication bypass vulnerability in the SureTriggers WordPress plugin (CVE-2025-3102) by sending a crafted JSON payload to create a new user with predefined credentials. It includes version checking and automated exploitation for multiple targets.
This is a functional exploit for an authorization bypass vulnerability in the SureTriggers WordPress plugin (versions <= 1.0.78), allowing unauthenticated user creation via a crafted POST request to the plugin's automation endpoint.
This YAML file is a Nuclei template designed to detect the version of the SureTriggers WordPress plugin by extracting the version from exposed asset URLs and comparing it to determine if it is vulnerable (<= 1.0.78). It does not contain exploit code but serves as a scanner for vulnerability detection.
This YAML file is a Nuclei template designed to scan for vulnerable versions of the SureTriggers WordPress plugin by checking the version in the readme.txt file. It does not contain exploit code but detects versions <= 1.0.78, which are vulnerable to CVE-2025-3102.
This PoC exploits CVE-2025-3102 in the SureTriggers WordPress plugin (≤ v1.0.78) by leveraging an unauthenticated REST API endpoint to create an admin user. It includes version detection, multi-threading, and validation of the WordPress login page.
This Metasploit module exploits two distinct authorization bypass vulnerabilities in the WordPress SureTriggers (OttoKit) plugin to create an administrator account and achieve remote code execution. It leverages CVE-2025-3102 and CVE-2025-27007 to bypass authentication and execute arbitrary commands via a malicious plugin upload.
Nuclei Templates (1)
References (3)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H