CVE-2025-4654
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Wordfence
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Soumettre.fr plugin for WordPress has a vulnerability in its make_signature function due to improper authorization checks. This allows unauthenticated attackers to create, edit, or delete Soumettre posts if the soumettre account is not connected (i.e., the API key is not installed).
How can this vulnerability impact me?
This vulnerability can allow unauthorized users to modify content on your WordPress site by creating, editing, or deleting Soumettre posts without authentication, potentially leading to data integrity issues or unwanted content changes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately ensure that the soumettre account is connected by installing the API key. Additionally, update the Soumettre.fr plugin to a version later than 2.1.5 where the issue is fixed, or disable the plugin until a fix is applied.