cleantalk
Vulnerabilities and Security Researches

Membership Plugin – Restrict Content, CVE-2025-14844

CVE, Research URL

CVE-2025-14844

Home page URL

Security reports for Membership Plugin – Restrict Content

Application

Membership Plugin – Restrict Content

Published on
Jan 16, 2026
Research Description
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.
Affected versions
max 3.2.17.
Status
vulnerable
Previous vulnerability researches
Netgsm (CVE-2025-68010) , Jan 27, 2026
Netgsm (CVE-2024-35672) , Jun 07, 2024
Netgsm (CVE-2024-4746) , Jun 07, 2024
Netgsm (CVE-2024-32544) , Jun 07, 2024
Netgsm (CVE-2025-60143) , Oct 11, 2025
New vulnerability
Header and Footer Scripts (CVE-2025-11453) , Jan 28, 2026
WordPress CRM Plugin – WP-CRM System (CVE-2025-14854) , Jan 28, 2026
WordPress CRM Plugin – WP-CRM System (CVE-2025-62106) , Jan 28, 2026
Contact Form 7 GetResponse Extension (CVE-2026-24557) , Jan 28, 2026
NextMove Lite – Thank You Page for WooCommerce (CVE-2026-24599) , Jan 28, 2026