← Back

Restrict Content

restrict_content

Vendor: Liquidweb • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-14844
1Liquidweb
1Restrict Content
Jan 23, 2026
Jan 16, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to m...Show more
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.Show less
CVE-2024-11090
1Liquidweb
1Restrict Content
Jan 30, 2026
Jan 26, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for...Show more
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.Show less
CVE-2023-47668
1Liquidweb
1Restrict Content
Nov 21, 2024
Nov 23, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StellarWP Membership Plugin – Restrict Content plugin <= 3.2.7 versions.
CVE-2023-3182
1Liquidweb
1Restrict Content
Nov 21, 2024
Jul 17, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users su...Show more
The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminShow less