CVE-2025-4654

Name of the Vulnerable Software and Affected Versions: Soumettre.fr plugin for WordPress versions up to, and including, 2.1.5

Description: The issue is related to improper authorization checks on the make signature function, allowing unauthorized access and modification of data. This enables unauthenticated attackers to create, edit, or delete Soumettre posts. The vulnerability specifically affects installations where the Soumettre account is not connected, meaning the API key is not installed.

Recommendations: For versions up to, and including, 2.1.5, update to a version higher than 2.1.5 to resolve the issue. As a temporary workaround, consider disabling the make signature function until a patch is available. Restrict access to the Soumettre posts to minimize the risk of exploitation.