cleantalk
Vulnerabilities and Security Researches

Soumettre.fr, CVE-2025-4654

CVE, Research URL

CVE-2025-4654

Home page URL

Security reports for Soumettre.fr

Application

Soumettre.fr

Published on
Jul 02, 2025
Research Description
The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)
Affected versions
Min -, max 2.1.5.
Status
vulnerable
Previous vulnerability researches
YITH Maintenance Mode (CVE-2015-9429) , Jun 06, 2024
YITH Maintenance Mode (CVE-2021-36841) , Jun 06, 2024
YITH Maintenance Mode (CVE-2021-36845) , Jun 06, 2024
New vulnerability
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-24780) , Jul 05, 2025
bSecure – Your Universal Checkout (CVE-2025-52830) , Jul 05, 2025
DocCheck Login (CVE-2025-6786) , Jul 05, 2025
iFrame Images Gallery (CVE-2025-30969) , Jul 05, 2025
Video Gallery Block – Display your videos as a gallery in a professional way (CVE-2025-27326) , Jul 05, 2025