PT-2025-18381 · Brainstorm Force · Brainstorm Force Suretriggers

Denver Jackson · Published 2025-05-01 · Updated 2025-09-29 · CVE-2025-27007

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82

Description: Brainstorm Force SureTriggers contains an incorrect privilege assignment vulnerability that allows privilege escalation. Errors in the plugin's API logic can be exploited to gain access to the administrator account. Over 100,000 WordPress sites are potentially at risk. Exploitation began shortly after public disclosure, and hackers are using the vulnerability to create rogue admin accounts. Site owners should check their logs for signs of compromise.

Recommendations: Update to version 1.0.83 to protect your site from this vulnerability. As a temporary workaround, consider restricting access to the plugin's API until a patch is applied. Avoid using the plugin until the issue is resolved.

Exploit

Fix

LPE

Incorrect Privilege Assignment

Weakness Enumeration

Related Identifiers

BDU:2025-06682
CVE-2025-27007

Affected Products

Brainstorm Force Suretriggers