Liquidweb: >> Restrict Content >> 3.2.14 Security Vulnerabilities
The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.
CVSS Score
8.2
EPSS Score
0.001
Published
2026-01-16