How to fix CVE-2025-4654?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is PHP affected by CVE-2025-4654?

CVE-2025-4654 is a low-severity vulnerability in Soumettre.fr plugin for WordPress (CVSS 3.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

CVE-2025-4654

EUVD-2025-19681 LOW

2025-07-02 [email protected]

WordPress Authentication Bypass PHP

3.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 16, 2026 - 01:55 vuln.today

EUVD ID Assigned

Mar 16, 2026 - 01:55 euvd

EUVD-2025-19681

CVE Published

Jul 02, 2025 - 04:15 nvd

LOW 3.7

DescriptionNVD

The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to create/edit/delete Soumettre posts. This vulnerability affects only installations where the soumettre account is not connected (i.e. API key is not installed)

AnalysisAI

A security vulnerability in Soumettre.fr (CVSS 3.7). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-285 (Improper Authorization). Affects Soumettre.fr.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-4654 vulnerability details – vuln.today

Back

CVE-2025-4654

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code