SureTriggers WordPress Plugin Unauthenticated SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in the SureTriggers WordPress plugin in versions prior to 1.1.23. The issue arises because the plugin fails to sanitize user input before incorporating it into SQL statements. Because the affected code path does not require authentication, this lack of input validation could enable unauthenticated attackers to inject into the plugin's database queries.
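The bug class the advisory describes (request values concatenated straight into a SQL statement) beside the hardened form a WordPress plugin should use. This is an added illustrative example, not SureTriggers' source code; the table name, column names and function names are assumptions.

```php
<?php
// Illustrative WordPress plugin code (NOT SureTriggers' own source).
// Assumed names: table {prefix}example_poll_votes with columns poll_id and option_id.

function example_record_vote_vulnerable( $poll_id, $option_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_poll_votes';
    // VULNERABLE: request values are interpolated directly into the statement, so a
    // crafted $option_id can alter the query structure instead of being stored as data.
    return $wpdb->query( "INSERT INTO $table (poll_id, option_id) VALUES ($poll_id, '$option_id')" );
}

function example_record_vote_fixed( $poll_id, $option_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_poll_votes';

    // Validate type and shape before the values reach the query at all.
    $poll_id   = absint( $poll_id );
    $option_id = sanitize_text_field( wp_unslash( $option_id ) );
    if ( 0 === $poll_id || '' === $option_id ) {
        return new WP_Error( 'invalid_vote', 'Invalid poll or option.' );
    }

    // FIXED: $wpdb->prepare() binds the values through %d / %s placeholders. Only the
    // table name, which is plugin-controlled and never user-supplied, is interpolated.
    $sql = $wpdb->prepare(
        "INSERT INTO {$table} (poll_id, option_id) VALUES (%d, %s)",
        $poll_id,
        $option_id
    );
    return $wpdb->query( $sql );
}

// Equivalent hardened form: $wpdb->insert() builds the parameterised statement itself,
// with the third argument declaring the placeholder type for each column.
function example_record_vote_insert( $poll_id, $option_id ) {
    global $wpdb;
    return $wpdb->insert(
        $wpdb->prefix . 'example_poll_votes',
        array(
            'poll_id'   => absint( $poll_id ),
            'option_id' => sanitize_text_field( wp_unslash( $option_id ) ),
        ),
        array( '%d', '%s' )
    );
}
```

For review purposes, any `$wpdb->query()` / `$wpdb->get_results()` call whose string contains a variable that did not pass through `$wpdb->prepare()` (or one of the `$wpdb->insert()` / `update()` / `delete()` helpers) is the pattern to flag.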

Impact

Exploitation of this vulnerability allows for SQL injection, which could be used to manipulate database queries, potentially leading to unauthorized data access or modification.

Reproduction

The vulnerability can be reproduced by sending a crafted poll vote that includes unsanitized input, exploiting the SQL injection flaw. This can be done using a Python script that automates the process, confirming the injection by timing-based tests and extracting information such as the admin password hash.

Remediation

Users are advised to update the SureTriggers WordPress plugin to version 1.1.23 or later.

Added: May 8, 2026, 7:20 AM
Updated: May 8, 2026, 7:20 AM

Vulnerability Rating (Custom Algorithm)

spread          2.2
impact          2.5
exploitability  9.3
remediation     0.0
relevance       7.8
threat          6.4
urgency         2.9
incentive       8.3

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined into the overall risk score.