Vulnerabilities and security researches forrestrict-content restrict-content
Direction: ascendingJun 07, 2024
Membership Plugin – Restrict Content # CVE-2024-31432
- CVE, Research URL
- Application
- Date
- Apr 15, 2024
- Research Description
- Missing Authorization vulnerability in StellarWP Restrict Content.This issue affects Restrict Content: from n/a through 3.2.8.
- Affected versions
-
max 3.2.9.
- Status
-
vulnerable
Membership Plugin – Restrict Content # CVE-2023-3182
- CVE, Research URL
- Application
- Date
- Jul 17, 2023
- Research Description
- The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
- Affected versions
-
max 3.2.8.
- Status
-
vulnerable
Membership Plugin – Restrict Content # 0385b9c1aded3b04d2a87cde20a8adc8be7153cc
- CVE, Research URL
- Application
- Date
- Jun 23, 2023
- Research Description
- Membership Plugin – Restrict Content [restrict-content] < 3.2.3 (closed) Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting The Restrict Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via POST data from the rcp_ajax_dismissed_notice_handler() function in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 3.2.3.
- Status
-
vulnerable
Membership Plugin – Restrict Content # CVE-2023-47668
- CVE, Research URL
- Application
- Date
- Nov 23, 2023
- Research Description
- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
- Affected versions
-
max 3.2.8.
- Status
-
vulnerable
Jan 28, 2025
Membership Plugin – Restrict Content # CVE-2024-11090
- CVE, Research URL
- Application
- Date
- Jan 26, 2025
- Research Description
- The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
- Affected versions
-
max 3.2.14.
- Status
-
vulnerable
Jan 10, 2026
Membership Plugin – Restrict Content # CVE-2025-14000
- CVE, Research URL
- Application
- Date
- Dec 23, 2025
- Research Description
- The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 3.2.16.
- Status
-
vulnerable
Jan 28, 2026
Membership Plugin – Restrict Content # CVE-2025-14844
- CVE, Research URL
- Application
- Date
- Jan 16, 2026
- Research Description
- The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.
- Affected versions
-
max 3.2.17.
- Status
-
vulnerable