Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-4654

The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)

Published

2025-07-02T04:15:54.673

Last Modified

2025-07-03T15:14:12.767

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 3.7 (LOW)

Weaknesses

Type: Primary
CWE-285

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/browser/soumettre-fr/tags/2.1.5/public/rest/class-soumettre-rest-route.php#L211 ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/4f29d476-0730-437c-8065-309523278efa?source=cve ([email protected])