cleantalk
Vulnerabilities and Security Researches

Search Exclude, CVE-2025-2821

CVE, Research URL

CVE-2025-2821

Home page URL

Security reports for Search Exclude

Application

Search Exclude

Published on
May 07, 2025
Research Description
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.
Affected versions
Min -, max 2.5.0.
Status
vulnerable
Previous vulnerability researches
Debug Log Manager (CVE-2025-32613) , Apr 20, 2025
Debug Log Manager (CVE-2023-6383) , Jun 07, 2024
Debug Log Manager (CVE-2023-6136) , Jun 07, 2024
Debug Log Manager (CVE-2024-35669) , Jun 07, 2024
Debug Log Manager (CVE-2024-32582) , Jun 07, 2024
New vulnerability
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
Bold Page Builder (CVE-2025-47488) , May 09, 2025
Bold Page Builder (CVE-2025-47525) , May 09, 2025
Blocksy (CVE-2025-47465) , May 08, 2025
Ultimate Blocks – WordPress Blocks Plugin (CVE-2025-47493) , May 08, 2025