Membership Plugin Restrict Content Unvalidated Redirect Vulnerability in Password Reset Flow

Vulnerability

An unvalidated redirect vulnerability has been identified in the Membership Plugin – Restrict Content for WordPress, affecting all versions through 3.2.24. The issue arises from insufficient validation of the redirect URL supplied in the 'rcp_redirect' parameter. An unauthenticated attacker can cause users who receive password reset emails to be redirected to potentially harmful sites, provided the attacker can successfully manipulate those users into taking a specific action.

Impact

Exploitation of this vulnerability could lead to users being redirected to malicious websites, potentially causing harm or allowing for further attacks.

Remediation

Users can update to version 3.2.25 or a newer patched version to address this vulnerability.
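
For sites that ran 3.2.24 or earlier, a log triage sketch added here as an example (not code from the plugin or from this advisory): it flags logged requests whose 'rcp_redirect' value would leave the site. It assumes the parameter appears in the query string of the access log; the host name, request path and log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOST = "shop.example.com"  # assumption: the WordPress site's own host name
# Request line of a combined-format access log entry: "METHOD /path?query HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; /account/ is a placeholder path, not the plugin's real endpoint.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Mar/2026:04:18:00 +0000] "GET /account/?rcp_redirect=%2Fdashboard%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Mar/2026:04:18:05 +0000] "POST /account/?rcp_redirect=https%3A%2F%2Foffsite.example.net%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [20/Mar/2026:04:19:11 +0000] "GET /account/?rcp_redirect=%2F%2Foffsite.example.net%2Freset HTTP/1.1" 200 512',
    '198.51.100.9 - - [20/Mar/2026:04:19:30 +0000] "GET /account/?rcp_redirect=https%3A%2F%2Fshop.example.com%2Fwelcome HTTP/1.1" 200 512',
]


def is_offsite(target, site_host=SITE_HOST):
    """Return True when a redirect target would take the browser away from site_host."""
    # Browsers ignore whitespace/control characters and read "\" as "/", so normalise first.
    cleaned = re.sub(r"[\x00-\x20]", "", target).replace("\\", "/")
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return True  # unparseable authority: treat as unsafe
    if not parts.scheme and not parts.netloc:
        return False  # plain relative path stays on the site
    if parts.scheme.lower() not in ("", "http", "https"):
        return True  # non-web schemes are never a valid post-reset destination
    # hostname drops any userinfo and port, so "site@other" resolves to "other"
    return (parts.hostname or "").lower() != site_host.lower()


def flag_requests(log_lines, site_host=SITE_HOST):
    """Return (line_no, rcp_redirect value) for each request whose target is off-site."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for value in parse_qs(query).get("rcp_redirect", []):  # parse_qs percent-decodes
            if is_offsite(value, site_host):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: off-site rcp_redirect -> {value}")
```

The same host comparison is the kind of check a redirect handler needs before honouring a user-supplied destination; requests that carry the parameter only in a POST body will not show up in standard access logs.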

Added: Mar 20, 2026, 4:18 AM
Updated: Mar 20, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.2
exploitability: 6.9
remediation: 0.0
relevance: 4.5
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.