PT-2026-26554 · WordPress · Restrict Content

Supakiad S · Published 2026-03-20 · Updated 2026-03-20 · CVE-2026-4136

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Membership Plugin – Restrict Content versions prior to 3.2.24

Description

The Membership Plugin – Restrict Content plugin for WordPress is susceptible to an unvalidated redirect issue in all versions up to and including 3.2.24. This occurs because of inadequate validation of the redirect URL provided through the rcp redirect parameter. An unauthenticated attacker can potentially redirect users who have requested a password reset email to malicious websites if they can trick the user into performing an action.

Recommendations

Versions prior to 3.2.24 should be updated to version 3.2.24 or later.

Related Identifiers

CVE-2026-4136

Affected Products

Restrict Content