A critical security vulnerability, identified as CVE-2025-3102, was discovered in the SureTriggers WordPress plugin developed by Brainstorm Force, affecting over 100,000 websites. The flaw enables attackers to bypass authentication and create unauthorized administrator accounts via the plugin's improperly validated REST API endpoint. Exploitation of this vulnerability leads to full site compromise, with potential for backdoors, malware upload, phishing redirects, and spam content injection. After the flaw was reported through Wordfence's Bug Bounty Program, a patched version, 1.0.79, was released to address this security oversight.
Source: https://cybersecuritynews.com/100000-wordpress-sites-vulnerable/
TPRM report: https://scoringcyber.rankiteo.com/company/brainstorm-force
"id": "bra140041325",
"linkid": "brainstorm-force",
"type": "Vulnerability",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"