CVE-2019-15895

search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes...

CVE-2025-2821

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getrestpermission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...

CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getrestpermission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...

CVE-2025-2821 Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification

The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the getrestpermission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding...

PT-2025-19897 · WordPress · Search Exclude

Name of the Vulnerable Software and Affected Versions: Search Exclude plugin for WordPress versions up to, and including, 2.4.9 Description: The issue allows unauthorized modification of data due to a missing capability check on the get rest permission function. This makes it possible for...

CVE-2022-36282

Authenticated editor+ Stored Cross-Site Scripting XSS vulnerability in Roman Pronskiy's Search Exclude plugin = 1.2.6 at WordPress...

CVE-2022-36282

Authenticated editor+ Stored Cross-Site Scripting XSS vulnerability in Roman Pronskiy's Search Exclude plugin = 1.2.6 at WordPress...

Cross site scripting

Authenticated editor+ Stored Cross-Site Scripting XSS vulnerability in Roman Pronskiy's Search Exclude plugin = 1.2.6 at WordPress...

CVE-2022-36282

CVE-2022-36282 affects WordPress: Roman Pronskiy’s Search Exclude plugin, versions 1.2.6 and earlier. It is an authenticated Stored Cross-Site Scripting (XSS) flaw exploitable by users with editor+ privileges, due to insufficient sanitization/escaping of input data. The vulnerability impacts page...

PT-2022-23289 · Roman Pronskiy · Search Exclude

Name of the Vulnerable Software and Affected Versions: Roman Pronskiy's Search Exclude plugin versions 1.2.6 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with editor or higher privileges can inject...

CVE-2019-15895

search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes...