CVE-2026-1321

The CVE-2026-1321 entry affects the WordPress plugin “Membership Plugin – Restrict Content” (Restrict Content) and describes an unauthenticated privilege-escalation in all versions up to 3.2.20. The root cause is that rcp_setup_registration_init() accepts any membership level ID via the rcp_level...

CVE-2026-1321 Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the rcpsetupregistrationinit function accepting any membership level ID via the rcplevel POST parameter without validating that the leve...

EUVD-2026-9106

wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforosynchroles AJAX handler. Attackers access the usergroups admin page, accessible to any authenticated user, to obtain a nonce, then rema...

WordPress Roles & Capabilities Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Roles & Capabilities Type Plugin Vulnerable versions = 1.1.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8732 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dc79088c77ac Credits vgo0 Required...