AI description
CVE-2025-27007 is an incorrect privilege assignment vulnerability in the Brainstorm Force SureTriggers (now OttoKit) WordPress plugin, affecting versions up to and including 1.0.82. The flaw lies in the `create_wp_connection` function, which is reachable through the plugin's REST API endpoint: a logic error in how the response from `wp_authenticate_application_password` is handled, combined with insufficient token validation, lets a connection be established without valid credentials. When the site administrator has not set an application password, an unauthenticated attacker can use this to create administrator-level user accounts and take full control of the site. The vulnerability has been actively exploited in the wild, so users should update to version 1.0.83 or later, which contains the fix.
- Description
- Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-266
- Hype score
- Not currently trending
[1day1line] CVE-2025-27007: WordPress OttoKit Privilege Escalation Vulnerability https://t.co/Sb1CqQyQ7e A privilege escalation vulnerability has been discovered in OttoKit, a WordPress plugin. Due to a flaw in the authentication process, it was possible to create a new
@hackyboiz
18 May 2025
1402 Impressions
3 Retweets
19 Likes
6 Bookmarks
0 Replies
0 Quotes
Attackers are actively exploiting vulnerabilities in the OttoKit WordPress plugin. Attackers have actively exploited two critical vulnerabilities in the OttoKit (formerly SureTriggers) WordPress plugin. One of them, under the identifier CVE-2025-27007 (CVSS score: 9.8),
@linuxmint_hun
15 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-27007 - critical 🚨 OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation > Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows ... 👾 https://t.co/WiJanYoxeM @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
14 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New vulnerabilities have recently been published for the OttoKit plugin for WordPress. The identifiers of these vulnerabilities are CVE-2025-27007 and CVE-2025-3102, which give hackers the ability to crea
@AmirHossein_sec
10 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 OttoKit (formerly SureTriggers) WordPress plugin exploited due to privilege escalation vulnerability (CVE-2025-27007). Affects all versions up to 1.0.82. #CyberSecurity #WordPress https://t.co/K3OG1UMg19 https://t.co/JmWr1ibJU5
@CyberHub_blog
10 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
OttoKit WordPress plugin hit by exploits targeting multiple flaws [CVE-2025-27007] The security flaw allows unauthenticated attackers to establish a connection, making privilege escalation possible. https://t.co/HdT5W3Y4Hb
@_Ninhack
8 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit a critical unauthenticated privilege escalation vulnerability (CVE-2025-27007) in the OttoKit WordPress plugin, allowing rogue admin account creation. A patch was released after exploitations. #Security https://t.co/lQn04qvsmj
@Strivehawk
8 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit a vulnerability in the OttoKit WordPress plugin to add administrator accounts (CVE-2025-27007) https://t.co/LQnAjXfw1y #Security #セキュリティ #ニュース
@SecureShield_
8 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting CVE-2025-27007 in OttoKit WordPress plugin to create rogue admin accounts via the API’s logic flaw. Sites should verify logs for signs of compromise. Most are now on version 1.0.83. ⚠️ #WPUpdate #SecurityAlert #UK https://t.co/D8J2EsIvGN
@TweetThreatNews
7 May 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27007: OttoKit (SureTriggers) Privilege Escalation Vulnerability https://t.co/QxCDrL1MpV https://t.co/SGKRofT2K1
@cyber_advising
7 May 2025
461 Impressions
0 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-27007: OttoKit (SureTriggers) Privilege Escalation Vulnerability https://t.co/XaxYPLIWc3
@cyber_advising
7 May 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 A new security bug in the OttoKit WordPress plugin, which has more than 100 thousand installations, has led to active exploitation. The bug, tracked as CVE-2025-27007, allows privilege escalation
@Cybercachear
7 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Second OttoKit bug exploited to hijack WordPress sites Hackers are abusing CVE-2025-27007 to gain admin access on 100K+ WordPress installs via the OttoKit plugin. Patch to v1.0.83 now. https://t.co/oQc0Khprxr #WordPress #CVE202527007 https://t.co/B2Hx05Vt7N
@dCypherIO
7 May 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A second OttoKit vulnerability (CVE-2025-27007) is being exploited to hack over 100,000 WordPress sites. The flaw in create_wp_connection() allows unauthenticated access—sites should update to version 1.0.83 now! 🚨 #WordPress #CyberAlert #UK https://t.co/DIU8zMVdGF
@TweetThreatNews
7 May 2025
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: Critical OttoKit(SureTriggers) WordPress Unauthenticated Privilege Escalation Vulnerability 🚨 Vulnerability Details: CVE-2025-27007 (CVSS v3 9.8/10) OttoKit(SureTriggers) WordPress Unauthenticated Privilege Escalation Vulnerability Impact: A successful exploi
@CyberxtronTech
7 May 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploitation of CVE-2025-27007, a vulnerability in OttoKit (formerly SureTriggers), has been observed. https://t.co/SKAc8p1iNp
@__kokumoto
6 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
A critical vulnerability in the OttoKit WordPress plugin, used by more than 100,000 sites. CVE-2025-27007 has a CVSS score of 9.8. It stems from a logic error and allows arbitrary control, including the creation of administrator accounts. With just the administrator's user name
@__kokumoto
6 May 2025
1395 Impressions
2 Retweets
10 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-27007: Critical OttoKit WordPress Plugin Flaw Exploited After Disclosure, 100K+ Sites at Risk Urgent security alert! A flaw in the OttoKit WordPress plugin is being actively exploited. Update to version 1.0.83 immediately to protect your site https://t.co/WW8sVHdEEv
@the_yellow_fall
6 May 2025
20 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-27007 ⚠️🔴 CRITICAL (9.8) 🏢 Brainstorm Force - SureTriggers 🏗️ Unknown Version 🔗 https://t.co/PJmFr2ZJwb #CyberCron #VulnAlert #InfoSec https://t.co/n4C7T8wUPb
@cybercronai
1 May 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-27007 Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82. https://t.co/U65hQAOwNo
@CVEnew
1 May 2025
297 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-27007: CRITICAL] Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation. This issue affects SureTriggers: from n/a through 1.0.82. #cve, CVE-2025-27007, #cybersecurity https://t.co/TYH898bChI https://t.co/aE0MhGdkyS
@CveFindCom
1 May 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes