100,000 WordPress Sites Affected by Administrative User Creation Vulnerability in SureTriggers WordPress Plugin

Wordfence's Bug Bounty Program rewards researchers for reporting vulnerabilities in WordPress plugins. A critical vulnerability in the SureTriggers plugin allows unauthenticated user creation, affecting over 100,000 sites. Discovered by researcher mikemyers, it was patched swiftly, and users are urged to update to version 1.0.79 to secure their sites. Wordfence provided firewall protection to premium users on April 1, 2025, with free users receiving it on May 1, 2025. This vulnerability poses significant risks, emphasizing the need for timely updates.

https://www.wordfence.com/blog/2025/04/100000-wordpress-sites-affected-by-administrative-user-creation-vulnerability-in-suretriggers-wordpress-plugin/