Search Exclude Security & Risk Analysis

wordpress.org/plugins/search-exclude

Hide any post or page from the search results.

50K active installs · v2.6.4 · PHP 5.6+ · WP 4.7+ · Updated Apr 2, 2026
Tags: exclude-page, exclude-post, search, search-exclude, wordpress-search
Score: 93 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Nov 24, 2025
Safety Verdict

Is Search Exclude Safe to Use in 2026?

Generally Safe

Score 93/100

Search Exclude has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Nov 24, 2025 · Updated 1mo ago
Risk Assessment

The 'search-exclude' plugin version 2.6.3 presents a mixed security posture. On one hand, the static analysis reveals a very small attack surface, with no identifiable AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. The plugin also demonstrates good practices in output escaping, with 96% of outputs properly handled. Furthermore, there are no detected taint flows or dangerous functions within the analyzed code.

However, significant concerns arise from the plugin's vulnerability history. It has 4 known CVEs: one high severity vulnerability and three medium severity vulnerabilities. The common types among them are Missing Authorization and Cross-site Scripting, indicating a pattern of security flaws in these areas. The fact that the last vulnerability was recorded in late 2025 suggests potential for ongoing or recurring issues.

While the current code analysis shows no immediately exploitable issues such as unsanitized taint flows, the historical pattern of vulnerabilities, particularly the high and medium severity ones related to authorization and XSS, warrants caution. The SQL queries that do not use prepared statements are not explicitly linked to a vulnerability in this version's analysis, but the practice has historically led to SQL injection risks. The plugin's strength lies in its minimal attack surface and good output escaping in this version, but its past security record necessitates vigilance.

Key Concerns

  • SQL queries not using prepared statements
  • History of high severity vulnerabilities
  • History of medium severity vulnerabilities
Vulnerabilities
4 published

Search Exclude Security Vulnerabilities

CVEs by Year

  • 2019: 1 CVE
  • 2022: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

  • High: 1
  • Medium: 3

4 total CVEs

CVE-2025-10646 · medium · 4.3 · Missing Authorization
Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API
Nov 24, 2025 · Patched in 2.5.8 (1d)

CVE-2025-2821 · medium · 5.3 · Missing Authorization
Search Exclude <= 2.4.9 - Missing Authorization to Unauthenticated Plugin Settings Modification
May 6, 2025 · Patched in 2.5.0 (1d)

CVE-2022-36282 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Search Exclude <= 1.2.6 - Authenticated (Editor+) Stored Cross-Site Scripting
Aug 22, 2022 · Patched in 1.2.7 (519d)

CVE-2019-15895 · high · 7.5 · Missing Authorization
Search Exclude <= 1.2.3 - Arbitrary Settings Change
Sep 7, 2019 · Patched in 1.2.4 (1599d)

Version History

Search Exclude Release Timeline

  • v2.6.4 (Current)
  • v2.6.3
  • v2.6.2
  • v2.6.1
  • v2.6.0
  • v2.5.9
  • v2.5.8
  • v2.5.7 (1 CVE)
  • v2.5.6 (1 CVE)
  • v2.5.3 (1 CVE)
  • v2.5.2 (1 CVE)
  • v2.5.1 (1 CVE)
  • v2.5.0 (1 CVE)

Code Analysis
Analyzed Mar 16, 2026

Search Exclude Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 3 (75 escaped)
  • Nonce Checks: 2
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

96% escaped · 78 total outputs

Attack Surface

Search Exclude Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 24

  • filter: default_option_qlse_settings (compatibility\old.php:3)
  • filter: option_qlse_settings (compatibility\old.php:46)
  • action: wp_default_scripts (jetpack_vendor\automattic\jetpack-assets\actions.php:11)
  • action: plugins_loaded (jetpack_vendor\automattic\jetpack-assets\actions.php:12)
  • filter: wp_resource_hints (jetpack_vendor\automattic\jetpack-assets\src\class-assets.php:182)
  • action: wp_loaded (jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:38)
  • action: enqueue_block_editor_assets (jetpack_vendor\automattic\jetpack-assets\src\class-script-data.php:52)
  • action: shutdown (jetpack_vendor\automattic\jetpack-status\src\class-errors.php:38)
  • action: wp_network_dashboard_setup (jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:36)
  • action: wp_dashboard_setup (jetpack_vendor\quadlayers\wp-dashboard-widget-news\src\Load.php:37)
  • action: admin_notices (jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:95)
  • action: admin_notices (jetpack_vendor\quadlayers\wp-notice-plugin-promote\src\Load.php:104)
  • action: admin_notices (jetpack_vendor\quadlayers\wp-notice-plugin-required\src\Load.php:40)
  • filter: install_plugins_tabs (jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:33)
  • action: install_plugins_quadlayers (jetpack_vendor\quadlayers\wp-plugin-install-tab\src\Load.php:34)
  • action: plugins_loaded (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:47)
  • action: admin_menu (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:50)
  • action: admin_init (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:55)
  • filter: network_admin_url (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Page.php:56)
  • filter: self_admin_url (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:52)
  • filter: network_admin_url (jetpack_vendor\quadlayers\wp-plugin-suggestions\src\Table.php:53)
  • filter: plugin_row_meta (jetpack_vendor\quadlayers\wp-plugin-table-links\src\Load.php:36)
  • action: init (vendor_packages\wp-notice-plugin-promote.php:4)
  • action: init (vendor_packages\wp-plugin-table-links.php:4)

Maintenance & Trust

Search Exclude Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Apr 2, 2026
  • PHP min version: 5.6
  • Downloads: 2.1M

Community Trust

  • Rating: 96/100
  • Number of ratings: 216
  • Active installs: 50K

Developer Profile

Search Exclude Developer Profile

quadlayers

17 plugins · 634K total installs

  • Trust score: 76
  • Avg Security Score: 96/100
  • Avg Patch Time: 501 days
Detection Fingerprints

How We Detect Search Exclude

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/search-exclude/assets/css/backend.css
  • /wp-content/plugins/search-exclude/assets/js/backend.js
Script Paths
  • /wp-content/plugins/search-exclude/assets/js/backend.js
Version Parameters
  • search-exclude/assets/css/backend.css?ver=
  • search-exclude/assets/js/backend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • qlse-notice-plugin-promote
  • qlse-feedback-modal
  • qlse-modal-close
  • qlse-feedback-form-wrapper
  • qlse-feedback-form
  • qlse-feedback-input
  • qlse-feedback-textarea
  • qlse-feedback-submit
  • +2 more
HTML Comments
  • <!-- WP Dashboard Widget News -->
  • <!-- WP Plugin Table Links -->
  • <!-- WP Plugin Install Tab -->
  • <!-- WP Notice Plugin Promote -->
  • +1 more
Data Attributes
  • data-qlse-feedback
  • data-qlse-promo-id
  • data-qlse-plugin-slug
JS Globals
  • window.qlse_feedback
  • window.qlse_promo