PT-2026-3242 · WordPress · Restrict Content

Andrea Bocchetti · Published 2026-01-16 · Updated 2026-01-23 · CVE-2025-14844

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Restrict Content plugin for WordPress versions prior to 3.2.17

Description
The Restrict Content plugin for WordPress is affected by a missing authentication issue. This occurs due to a missing capability check within the rcp stripe create setup intent for saved card function. The plugin also fails to validate a user-controlled key, potentially allowing unauthenticated attackers to obtain Stripe SetupIntent client secret values for any membership.

Recommendations
Update to version 3.2.17 or later.

Fix

IDOR

Weakness Enumeration

Related identifiers

CVE-2025-14844

Affected products

Restrict Content
WordPress