CVE-2022-36282: Search Exclude

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy’s Search Exclude plugin <= 1.2.6 for WordPress.
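
A check for the affected range stated above, as an added example that is not part of the plugin or the advisory: it reads the plugin's Version header under each WordPress root and flags anything below 1.2.7, the release this page's changelog marks as the fix. The function names and the command-line usage are assumptions made for this example; the directory name comes from the installation steps.

```python
import re
import sys
from pathlib import Path

SLUG = "search-exclude"   # plugin directory named in the installation steps
FIXED = (1, 2, 7)         # release the changelog marks as the XSS fix

# Header style WordPress plugins use: "Plugin Name: ..." / "Version: ..." in a comment.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:", re.I | re.M)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def parse_version(text):
    """'1.2.6' -> (1, 2, 6); numeric compare so 1.2.10 sorts after 1.2.7."""
    parts = [int(n) for n in re.findall(r"\d+", text)][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def installed_version(plugin_dir):
    """Version header of the top-level .php file that carries a Plugin Name header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top of the file
        if NAME_RE.search(head):
            match = VERSION_RE.search(head)
            return match.group(1) if match else None
    return None


def audit(wp_root):
    """Return (status, version) for Search Exclude under one WordPress root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return ("absent", None)
    version = installed_version(plugin_dir)
    if version is None:
        return ("unknown", None)  # directory exists but no readable plugin header
    status = "vulnerable" if parse_version(version) < FIXED else "patched"
    return (status, version)


if __name__ == "__main__":
    # Assumed usage: python audit_search_exclude.py /var/www/site1 /var/www/site2
    for root in sys.argv[1:]:
        status, version = audit(root)
        print(f"{root}: {SLUG} {version or '-'} -> {status}")
```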


With this plugin you can exclude any page, post or other item from the WordPress search results by checking the corresponding checkbox on the post/page edit page.
Supports quick and bulk edit.

On the plugin settings page you can also see the list of all the items that are hidden from search.

  1. Upload search-exclude directory to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to any post/page edit page and check off the checkbox Exclude from Search Results if you don’t want the post/page to be shown in the search results

Does this plugin affect SEO?

No, it does not affect crawling and indexing by search engines.
The ONLY thing it does is hide selected posts/pages from your site's search page. It does not alter SEO indexing.

If you want posts/pages to be hidden from search engines you may add the following snippet to your functions.php:

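function add_meta_for_search_excluded()
{
    // Only act on single post/page views; elsewhere the global $post
    // is unset (404) or is just the first item of a listing.
    if (!is_singular()) {
        return;
    }
    // sep_exclude holds the IDs of the items hidden from search.
    $excluded = array_map('intval', (array) get_option('sep_exclude', array()));
    if (in_array(get_queried_object_id(), $excluded, true)) {
        echo '<meta name="robots" content="noindex,nofollow" />', "\n";
    }
}
add_action('wp_head', 'add_meta_for_search_excluded');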

Note: already indexed pages will remain indexed for quite a while. To remove them from the Google index, you may use Google Search Console (or a similar tool for other engines).

Are there any hooks or actions available to customize plugin behaviour?

Yes.
There is an action, searchexclude_hide_from_search.
You can pass any post/page/custom_post IDs as an array in the first parameter.
The second parameter specifies the state of visibility in search. Pass true if you want to hide posts/pages,
or false if you want to show them in the search results.

Example:
Let’s say you want the “Exclude from Search Results” checkbox to be checked by default
for newly created posts, but not pages. In this case you can add the following code
to your theme’s functions.php:

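add_filter('default_content', 'excludeNewPostByDefault', 10, 2);
function excludeNewPostByDefault($content, $post)
{
    // Mark new posts (not pages) as hidden from search.
    if ('post' === $post->post_type) {
        do_action('searchexclude_hide_from_search', array($post->ID), true);
    }
    // A filter callback must return the value it received,
    // otherwise the default content is replaced with null.
    return $content;
}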

There is also a filter, searchexclude_filter_search.
With this filter you can turn search filtering on or off dynamically.
Parameters:
$exclude – current search filtering state (specifies whether to filter search or not)
$query – current WP_Query object

By returning true or false you turn search filtering on or off, respectively.

Example:
Let’s say you need to disable search filtering when searching by a specific post_type.
In this case you could add the following code to your functions.php:

add_filter('searchexclude_filter_search', 'filterForProducts', 10, 2);
function filterForProducts($exclude, $query)
{
    return $exclude && 'product' !== $query->get('post_type');
}

Works well for me. I think this is one of those very useful plugins which makes something an expert can do quite easily accessible to novices for free! Thank you

Super Brilliant Plugin. Helps a lot with SEO + prevents making a mess on the web. Hope you are doing ok. My heart goes out to all suffering in Ukraine. @-/—

I spent an hour trying to hide woocommerce products from my search, added a bunch of code to functions. This baby worked in 30 seconds. Wonderful, thanks!

Simple, light, useful and free. Amazing plugin!

Does the job very well, love the bulk option

Thanks so much for coming up with this. Working in quick edit mode makes it a super star!


“Search Exclude” is open source software. The following people have contributed to this plugin.

Contributors

1.2.7

  • This is a security release. All users are encouraged to upgrade.
  • Fix possible XSS vulnerability.

1.2.6

  • Fix compatibility with WordPress 5.5

1.2.5

  • Security release. More protection added.

1.2.4

  • Security release. All users are encouraged to update.
  • Added filter searchexclude_filter_permissions.

1.2.2

  • Added action searchexclude_hide_from_search
  • Added filter searchexclude_filter_search
  • Fixed Bulk actions for Firefox

1.2.1

  • Fixed bug when unable to save post on PHP <5.5 because of boolval() usage

1.2.0

  • Added quick and bulk edit support
  • Tested up to WP 4.1

1.1.0

  • Tested up to WP 4.0
  • Do not show Plugin on some service pages in Admin
  • Fixed conflict with bbPress
  • Fixed deprecation warning when DEBUG is on

1.0.6

  • Fixed search filtering for AJAX requests

1.0.5

  • Not excluding items from search results on admin interface

1.0.4

  • Fixed links on settings page with list of excluded items
  • Tested up to WP 3.9

1.0.3

  • Added support for excluding attachments from search results
  • Tested up to WP 3.8

1.0.2

  • Fixed: Conflict with Yoast WordPress SEO plugin

1.0.1

  • Fixed: PHP 5.2 compatibility

1.0

  • Initial release
