cleantalk
Vulnerabilities and Security Researches

Membership Plugin – Restrict Content, CVE-2026-4136

CVE, Research URL

CVE-2026-4136

Home page URL

Security reports for Membership Plugin – Restrict Content

Application

Membership Plugin – Restrict Content

Published on
Mar 20, 2026
Research Description
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.
Affected versions
max 3.2.25.
Status
vulnerable
Previous vulnerability researches
Simple GDPR Cookie Compliance (CVE-2026-24604) , Jan 27, 2026
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2019-25143) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (7d5b4ba83a5c6004460bf267fe534a359e1416b0) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2023-4013) , Jun 07, 2024
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1621) , Mar 14, 2025
New vulnerability
WP Frontend Profile (CVE-2026-39688) , Apr 14, 2026
Hello Bar (CVE-2026-39666) , Apr 14, 2026
Import and export users and customers (CVE-2026-3629) , Apr 14, 2026
Xhanch – My Advanced Settings (CVE-2026-3332) , Apr 14, 2026
Accept PayPal Payments using Contact Form 7 (CVE-2026-39707) , Apr 14, 2026