2 matches found
CVE-2026-1304 Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings
The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...
CVE-2025-14844
The CVE refers to the WordPress Membership Plugin – Restrict Content (versions through 3.2.16) with Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure. The flaw resides in rcp_stripe_create_setup_intent_for_saved_card where there is no proper capability ...