Vulnerabilities

CVE-2025-2821

by Fred · 07/05/2025

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.

Assigner : cve-request@wordfence.com

More information : https://plugins.trac.wordpress.org/browser/search-exclude/tags/2.4.6/lib/api/entities/settings/class-post.php#L42

Similar

Tags: Cybersecurity Alert