cleantalk
Vulnerabilities and Security Researches

Soumettre.fr, CVE-2025-4654

CVE, Research URL

CVE-2025-4654

Home page URL

Security reports for Soumettre.fr

Application

Soumettre.fr

Published on
Jul 02, 2025
Research Description
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)
Affected versions
Min -, max 2.1.5.
Status
vulnerable
Previous vulnerability researches
WP Mega Menu (9a1a41f6b52c7295a82499e2cdd251d7ad92f233) , Jun 07, 2024
WP Mega Menu (CVE-2024-54282) , Dec 15, 2024
New vulnerability
Bulk Featured Image (CVE-2025-28951) , Jul 05, 2025
LMSACE Connect – WooCommerce Moodle™ LMS Integration (CVE-2025-29007) , Jul 05, 2025
Chatra Live Chat + ChatBot + Cart Saver (CVE-2025-24735) , Jul 05, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-53566) , Jul 05, 2025
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-24780) , Jul 05, 2025