cleantalk
Vulnerabilities and Security Researches

Search Exclude, CVE-2025-2821

CVE, Research URL

CVE-2025-2821

Home page URL

Security reports for Search Exclude

Application

Search Exclude

Published on
May 07, 2025
Research Description
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.
Affected versions
Min -, max 2.5.0.
Status
vulnerable
Previous vulnerability researches
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
Theme File Duplicator (CVE-2025-27282) , Mar 05, 2025
New vulnerability
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025