CVE-2025-10646 | Search Exclude Plugin up to 2.5.7 on WordPress REST API get_rest_permission authorization

Inserito da Angelo Barbosa | Nov 24, 2025 | CVE

A vulnerability classified as problematic has been found in Search Exclude Plugin up to 2.5.7 on WordPress. Affected is the function Base::get_rest_permission of the component REST API. This manipulation causes missing authorization.

The identification of this vulnerability is CVE-2025-10646. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-10646 | Search Exclude Plugin up to 2.5.7 on WordPress REST API get_rest_permission authorization

Post correlati

CVE-2023-37389 | Saasproject Booking Package Plugin up to 1.5.98 on WordPress privileges management

CVE-2023-51301 | PHPJabbers Hotel Booking System 4.0 Forgot Email denial of service

CVE-2025-34304 | IPFire up to 2.29 HTTP POST Request ovpnclients.dat CONNECTION_NAME sql injection

CVE-2025-62256 | Liferay Portal/DXP OpenAPI authorization