WordPress Membership Plugin - Restrict Content plugin <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect vulnerability

WordPress Membership Plugin - Restrict Content plugin = 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcpredirect vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Restrict Content versions = 3.2.24...

EUVD-2026-13521

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcpredirect' parameter. This makes it possible for unauthenticated attacke...

PT-2026-26554

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp redirect' parameter. This makes it possible for unauthenticated...

PT-2026-23412

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the rcp setup registration init function accepting any membership level ID via the rcp level POST parameter without validating that the...

WordPress plugin Membership Plugin – Restrict Content 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20275

The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit...

CVE-2025-69292

Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through = 1.6.4...

WordPress Membership For WooCommerce plugin authorization bypass vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An authorization bypass vulnerability exists in the WordPress Membership For WooCommerce plugin that originates from an authorization bypass via a user-controlled key, which can...

CVE-2025-54717 WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in e-plugins WP Membership allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Membership: from n/a through 1.6.3...

CVE-2025-54717 WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through = 1.6.3...

WordPress WP Membership Plugin <= 1.6.3 - Settings Change Vulnerability

Settings Change Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WP Membership versions = 1.6.3...

WordPress Simple Membership plugin <= 4.4.3 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Thanh Nam Tran in WordPress Plugin Simple Membership versions = 4.4.3...

WordPress Plugin WP-Membership Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

VulnCheck KEV: CVE-2022-4940

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions...