PT-2026-3242 · WordPress · Restrict Content
Andrea Bocchetti · Published 2026-01-16 · Updated 2026-01-23 · CVE-2025-14844
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Restrict Content plugin for WordPress versions prior to 3.2.17
Description
The Restrict Content plugin for WordPress is affected by a missing authentication issue. This occurs due to a missing capability check within the rcp stripe create setup intent for saved card function. The plugin also fails to validate a user-controlled key, potentially allowing unauthenticated attackers to obtain Stripe SetupIntent client secret values for any membership.
Recommendations
Update to version 3.2.17 or later.
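The two checks the description names as missing (caller authentication and validation of the user-controlled key against the caller's own membership) can be modelled as follows. This is an added example, not the plugin's code or its patch; the `membership_id` key, the handler and helper names, and the sample data are hypothetical.

```php
<?php
// Constructed data: membership id => owning user id (not real plugin storage).
function example_membership_owner(int $membershipId): ?int {
    $owners = [101 => 7, 102 => 8];
    return $owners[$membershipId] ?? null;
}

// Hypothetical stand-in for the Stripe call that yields a client secret.
function example_create_setup_intent(int $membershipId): string {
    return "seti_example_{$membershipId}_secret_placeholder";
}

// Pattern the advisory describes: no login check, request key trusted as-is.
function handler_unchecked(array $request, ?int $currentUserId): array {
    $id = (int) ($request['membership_id'] ?? 0);
    return ['ok' => true, 'client_secret' => example_create_setup_intent($id)];
}

// Hardened pattern: authenticate, validate the key, then check ownership.
function handler_checked(array $request, ?int $currentUserId): array {
    if ($currentUserId === null) {
        return ['ok' => false, 'status' => 401];   // anonymous caller
    }
    $raw = $request['membership_id'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        return ['ok' => false, 'status' => 400];   // malformed key
    }
    $id = (int) $raw;
    // Same answer for "missing" and "not yours" so ids cannot be enumerated.
    if (example_membership_owner($id) !== $currentUserId) {
        return ['ok' => false, 'status' => 403];
    }
    return ['ok' => true, 'client_secret' => example_create_setup_intent($id)];
}

// Constructed requests: anonymous, cross-user, and the legitimate owner.
$cases = [
    'anonymous'  => [['membership_id' => '101'], null],
    'cross-user' => [['membership_id' => '101'], 8],
    'owner'      => [['membership_id' => '101'], 7],
];
foreach ($cases as $label => [$req, $uid]) {
    printf("%-10s unchecked=%s checked=%s\n", $label,
        json_encode(handler_unchecked($req, $uid)['ok']),
        json_encode(handler_checked($req, $uid)['ok']));
}
```

In a real WordPress handler the `$currentUserId === null` test corresponds to core checks such as `is_user_logged_in()` and `check_ajax_referer()` before any membership lookup.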
Fix
IDOR
Affected Products
Restrict Content
WordPress