Unauthorized Data Modification in Search Exclude Plugin for WordPress
CVE-2025-2821
5.3MEDIUM
What is CVE-2025-2821?
The Search Exclude plugin for WordPress contains a security flaw that allows unauthorized users to manipulate plugin settings due to a missing capability check in the get_rest_permission function. This issue is present in all versions up to and including 2.4.9, enabling unauthenticated attackers to alter search settings and exclude specific content from search results, posing a significant risk to data integrity and site functionality.
Affected Version(s)
Search Exclude * <= 2.4.9