Plugin Vulnerability Hub
Plugin | 10 known issues | Latest disclosed: Mar 19, 2026

Membership Plugin – Restrict Content Vulnerabilities

Review known vulnerability records for the WordPress plugin Membership Plugin – Restrict Content (`restrict-content`), including severity, CVE references, affected versions, and patch status.

Known Records: 10
High or Critical: 2
Linked CVEs: 9
Last Updated: Mar 19, 2026

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Membership Plugin – Restrict Content so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility: 10 records include a published patch path.
Severity Mix: 0 critical and 2 high severity findings.
Reference Workflow: Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.

Known Vulnerabilities

Reports for Membership Plugin – Restrict Content

Sorted by latest disclosure date so newly published issues surface first.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-4136
Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation of the redirect URL supplied via the 'rcp_redirect' parameter. This makes it possible for unaut...

Published: Mar 19, 2026
Patched Release: 3.2.25
Affected Versions: up to 3.2.24
Next Step: Update to 3.2.25 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2026-1321
Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter witho...

Published: Mar 04, 2026
Patched Release: 3.2.21
Affected Versions: up to 3.2.20
Next Step: Update to 3.2.21 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2026-1304
Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

Published: Feb 17, 2026
Patched Release: 3.2.19
Affected Versions: up to 3.2.18
Next Step: Update to 3.2.19 or newer if supported.

Plugin | Severity: High | Patched: Yes | CVE-2025-14844
Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to a missing capability check. Additionally, the plugin does not c...

Published: Jan 15, 2026
Patched Release: 3.2.17
Affected Versions: up to 3.2.16
Next Step: Update to 3.2.17 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2025-14000
Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user su...

Published: Dec 22, 2025
Patched Release: 3.2.16
Affected Versions: up to 3.2.15
Next Step: Update to 3.2.16 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-11090
Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from po...

Published: Jan 25, 2025
Patched Release: 3.2.14
Affected Versions: up to 3.2.13
Next Step: Update to 3.2.14 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2024-31432
Restrict Content <= 3.2.8 - Missing Authorization

The Restrict Content plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the update_opt_in_get_status() function in versions up to, and including, 3.2.8. This makes it possible for unauthenticated attackers to update the opt-in status.

Published: Apr 10, 2024
Patched Release: 3.2.9
Affected Versions: up to 3.2.8
Next Step: Update to 3.2.9 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-47668
Restrict Content <= 3.2.7 - Information Exposure via legacy log file

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7 via the legacy log file. This makes it possible for unauthenticated attackers to extract sensitive data including debug inform...

Published: Nov 06, 2023
Patched Release: 3.2.8
Affected Versions: up to 3.2.7
Next Step: Update to 3.2.8 or newer if supported.

Plugin | Severity: Medium | Patched: Yes | CVE-2023-3182
Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting

The Restrict Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via POST data from the rcp_ajax_dismissed_notice_handler() function in versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible...

Published: Jun 23, 2023
Patched Release: 3.2.3
Affected Versions: before 3.2.3
Next Step: Update to 3.2.3 or newer if supported.

Plugin | Severity: Medium | Patched: Yes
Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal

The Restrict Content plugin for WordPress is vulnerable to unauthorized notice dismissal due to a missing capability check on the rcp_ajax_dismissed_notice_handler() function in versions up to, and including, 3.2.2. This makes it possible for authenticated attackers with subscrib...

Published: Jun 23, 2023
Patched Release: 3.2.3
Affected Versions: before 3.2.3
Next Step: Update to 3.2.3 or newer if supported.