CVE-2025-2821

Name of the Vulnerable Software and Affected Versions Search Exclude plugin for WordPress versions up to, and including, 2.4.9

Description The issue allows unauthorized modification of data due to a missing capability check on the get rest permission function. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.

Recommendations For Search Exclude plugin for WordPress versions up to, and including, 2.4.9, update to a version higher than 2.4.9 to resolve the issue. As a temporary workaround, consider restricting access to the get rest permission function until a patch is available.