CVE-2025-3102

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script sends a crafted JSON payload to the '/session' endpoint to establish a session, then executes the 'id' command via the '/session/{id}/shell' endpoint, verifying RCE by checking for 'uid=' and 'gid=' in the response.

This repository contains a functional Python exploit for CVE-2025-3102, an authentication bypass vulnerability in the SureTriggers WordPress plugin (≤ 1.0.78). The exploit creates an administrator account by leveraging a missing empty value check on the `st_authorization` header.

This repository contains a functional exploit for CVE-2025-3102, targeting the WordPress SureTriggers plugin (<= 1.0.78). The exploit automates the creation of an administrator account via an unauthenticated API endpoint and includes additional features like webshell upload and brute-forcing.

This is a functional exploit PoC for CVE-2025-3102, an authentication bypass vulnerability in the SureTriggers WordPress plugin. It allows unauthenticated attackers to create administrator accounts by exploiting a missing empty value check on the `secret_key` in the `autheticate_user` function.

This YAML file contains a functional exploit for CVE-2025-3102, an authorization bypass in the SureTriggers WordPress plugin. It sends a crafted HTTP POST request to create a new user without authentication by leveraging a missing authorization check in the plugin's API endpoint.

The repository contains functional exploit code for CVE-2025-3102, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the ability to upload a malicious file to a vulnerable target.

This PoC exploits an authentication bypass vulnerability in the SureTriggers WordPress plugin (CVE-2025-3102) by sending a crafted JSON payload to create a new user with predefined credentials. It includes version checking and automated exploitation for multiple targets.

This is a functional exploit for an authorization bypass vulnerability in the SureTriggers WordPress plugin (versions <= 1.0.78), allowing unauthenticated user creation via a crafted POST request to the plugin's automation endpoint.

This YAML file is a Nuclei template designed to detect the version of the SureTriggers WordPress plugin by extracting the version from exposed asset URLs and comparing it to determine if it is vulnerable (<= 1.0.78). It does not contain exploit code but serves as a scanner for vulnerability detection.

This YAML file is a Nuclei template designed to scan for vulnerable versions of the SureTriggers WordPress plugin by checking the version in the readme.txt file. It does not contain exploit code but detects versions <= 1.0.78, which are vulnerable to CVE-2025-3102.

This PoC exploits CVE-2025-3102 in the SureTriggers WordPress plugin (≤ v1.0.78) by leveraging an unauthenticated REST API endpoint to create an admin user. It includes version detection, multi-threading, and validation of the WordPress login page.