cleantalk
Vulnerabilities and Security Researches

Soumettre.fr, CVE-2025-4654

CVE, Research URL

CVE-2025-4654

Home page URL

Security reports for Soumettre.fr

Application

Soumettre.fr

Published on
Jul 02, 2025
Research Description
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)
Affected versions
Min -, max 2.1.5.
Status
vulnerable
Previous vulnerability researches
FREE DOWNLOAD MANAGER (CVE-2024-49315) , Oct 19, 2024
CM Download Manager – Document and File Management (CVE-2025-24758) , Feb 19, 2025
CM Download Manager – Document and File Management (CVE-2020-27344) , Jun 06, 2024
CM Download Manager – Document and File Management (CVE-2014-8877) , Jun 06, 2024
CM Download Manager – Document and File Management (CVE-2024-1962) , Jun 06, 2024
New vulnerability
PayMaster for WooCommerce (CVE-2025-6729) , Jul 05, 2025
Bulk Featured Image (CVE-2025-28951) , Jul 05, 2025
LMSACE Connect – WooCommerce Moodle™ LMS Integration (CVE-2025-29007) , Jul 05, 2025
Chatra Live Chat + ChatBot + Cart Saver (CVE-2025-24735) , Jul 05, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-53566) , Jul 05, 2025