4 matches found
CVE-2023-47668
The CVE concerns the StellarWP Membership Plugin – Restrict Content, affecting versions ≤ 3.2.7. The root cause is exposure of sensitive information to an unauthorised actor via the plugin’s legacy log mechanism (noted as legacy rcp-debug.log exposure). Practical impact is unauthenticated access ...
CVE-2024-11090
CVE-2024-11090 affects the WordPress plugin “Membership Plugin – Restrict Content”. Exposed versions: all up to and including 3.2.13. Root cause: the WordPress core search feature does not properly restrict access, allowing unauthenticated users to read restricted content. Impact: sen...
CVE-2023-3182
CVE-2023-3182 affects the Membership Plugin – Restrict Content for WordPress, prior to version 3.2.3. The root cause is improper sanitisation/escaping of a parameter before it is echoed back on the page, enabling a reflected XSS against high-privilege users (e.g., admins). Public sources in conne...
CVE-2025-14844
The CVE refers to the WordPress Membership Plugin – Restrict Content (versions through 3.2.16) and is described as Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure. The flaw resides in rcp_stripe_create_setup_intent_for_saved_card where there is no proper capability ...