cleantalk
Vulnerabilities and Security Researches

Search Exclude, CVE-2025-2821

CVE, Research URL

CVE-2025-2821

Home page URL

Security reports for Search Exclude

Application

Search Exclude

Published on
May 07, 2025
Research Description
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.
Affected versions
Min -, max 2.5.0.
Status
vulnerable
Previous vulnerability researches
External image replace (CVE-2025-30535) , Mar 26, 2025
External image replace (CVE-2025-4279) , May 06, 2025
New vulnerability
Advanced File Manager (CVE-2025-47688) , May 08, 2025
WPAdverts – Classifieds Plugin (CVE-2025-47440) , May 08, 2025
WordPress Infinite Scroll – Ajax Load More (CVE-2025-47630) , May 08, 2025
LessButtons Social Sharing and Statistics (CVE-2025-47614) , May 08, 2025
Nested Pages (CVE-2025-0718) , May 08, 2025