CVE-2025-10646 | Search Exclude Plugin up to 2.5.7 on WordPress REST API get_rest_permission authorization

November 24, 2025 Yanac

A vulnerability classified as problematic has been found in Search Exclude Plugin up to 2.5.7 on WordPress. Affected is the function Base::get_rest_permission of the component REST API. This manipulation causes missing authorization.

The identification of this vulnerability is CVE-2025-10646. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More