GCVE - cpe:2.3:a:quadlayers:search_exclude:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:quadlayers:search_exclude:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Quadlayers (`e3284009-1c72-56ca-8110-e890105dd03b`)
Product	Search Exclude (`74d7c48a-7487-5ad8-8de1-074c2179cb18`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2821`	vulnerable	2026-06-08 07:16:58.431158	Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification MEDIUM (5.3) The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_rest_permission function in all versions up to, and including, 2.4.9. This makes it possible for unauthenticated attackers to modify plugin settings, excluding content from search results. Published: 2025-05-07T01:43:06.640Z Updated: 2026-04-08T16:41:00.515Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/1f72a309-8ef8-4943-8e64-38bb7909397a?source=cve https://plugins.trac.wordpress.org/browser/search-exclude/tags/2.4.6/lib/api/entities/settings/class-post.php#L42 https://plugins.trac.wordpress.org/changeset/3284798/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-10646`	vulnerable	2026-06-08 07:02:27.259814	Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API MEDIUM (4.3) The Search Exclude plugin for WordPress is vulnerable to unauthorized modification of data due to a insufficient capability check on the Base::get_rest_permission() method in all versions up to, and including, 2.5.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to modify plugin settings, such as adding arbitrary posts to the search exclusion list. Published: 2025-11-25T03:27:43.284Z Updated: 2026-04-08T17:16:06.342Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/b0f62d05-84fb-4cd6-9e5f-0dcfa305ce68?source=cve https://plugins.trac.wordpress.org/changeset/3379004/search-exclude	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.