4 matches found
CVE-2025-2821
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getrestpermission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...
CVE-2025-2821
creationtimestamp| type| source ---|---|--- 2025-05-07 02:21:41+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15248 2025-05-07 04:26:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lokkl454wm2h 2025-05-07 07:12:52+00:00| seen| https://t.me/cvedetector/24670...
CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification
The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getrestpermission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...
CVE-2025-2821
CVE-2025-2821 affects the WordPress Search Exclude plugin (versions up to and including 2.4.9). The root cause is a missing capability check in the get_rest_permission function, enabling unauthorized modification of plugin settings and exclusion of content from search results by unauthenticated a...