CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

May 6, 2025

CVE ID : CVE-2025-2821

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3844 – PeproDev Ultimate Profile Solutions WordPress Authentication Bypass

Next Article CVE-2025-3218 – IBM i Netserver Authentication Bypass

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched

CVE-2025-0966 – IBM InfoSphere Information Server SQL Injection Vulnerability

CVE-2025-4501 – Apache Code-Projects Album Management System Stack Buffer Overflow

Linux Flaws Expose Sensitive Data via Core Dumps

Microsoft PowerToys ‘Peek’ tool makes file previews instant on Windows

CVE-2025-46337 – ADOdb PostgreSQL SQL Injection Vulnerability

Can’t access Microsoft 365? You’re not alone.

Teaching Mistral Agents to Say No: Content Moderation from Prompt to Response

CVE-2025-45842 – TOTOLINK NR1800X Buffer Overflow Vulnerability

CVE-2025-5155 – FoxCMS SQL Injection Vulnerability

CVE-2025-2821 – WordPress Search Exclude Plugin Unauthenticated Data Modification

Related Posts