cleantalk
Vulnerabilities and Security Researches

Soumettre.fr, CVE-2025-4654

CVE, Research URL

CVE-2025-4654

Home page URL

Security reports for Soumettre.fr

Application

Soumettre.fr

Published on
Jul 02, 2025
Research Description
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)
Affected versions
Min -, max 2.1.5.
Status
vulnerable
Previous vulnerability researches
Plugin Central (CVE-2025-46439) , Apr 26, 2025
Plugin Central (dc94c84bbc7a71287b02b5d483cdf884e1ca2777) , Jun 07, 2024
New vulnerability
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! (CVE-2025-53568) , Jul 05, 2025
RD Contacto (CVE-2025-5933) , Jul 05, 2025
AiBud WP – ChatGPT, OpenAI, Content & Image Generator WordPress plugin (CVE-2025-23968) , Jul 05, 2025
WP Permalink Translator (CVE-2025-53274) , Jul 05, 2025
Soumettre.fr (CVE-2025-4654) , Jul 05, 2025