search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes.
7.5CVSS
7.6AI Score
0.002EPSS
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.
5.4CVSS
5.2AI Score
0.001EPSS