Membership Plugin – Kadence Memberships

Vulnerabilities 16Slug restrict-contentLatest version 4.0.0WordPress.org →

Minimum safe version

3.2.25

Update to 3.2.25 or later to address 16 fixable vulnerabilities

Latest available4.0.0 ✓

N/A

2026-02-17< 3.2.19

Membership Plugin – Restrict Content <= 3.2.18 - Authenticated (Administrator+) Stored Cross-Site Scripting via Invoice Settings

Wordfence CVE

N/A

2026-03-04< 3.2.21

Membership Plugin – Restrict Content <= 3.2.20 - Unauthenticated Privilege Escalation via 'rcp_level'

Wordfence CVE

N/A

2026-03-19< 3.2.25

Membership Plugin – Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect

Wordfence CVE

High 7.5

2026-03-25< 3.2.23

CVE-2026-32546

CVE Wordfence

High 8.2

2026-01-16< 3.2.17

CVE-2025-14844

CVE Wordfence

Medium 6.4

2025-12-23< 3.2.16

CVE-2025-14000

CVE Wordfence

Medium 5.3

2025-01-27< 3.2.14

WordPress Restrict Content Plugin <= 3.2.13 is vulnerable to Sensitive Data Exposure

Patchstack CVE EUVD Wordfence

Medium 5.3

2024-04-15< 3.2.9

CVE-2024-31432

CVE Wordfence Patchstack

Medium 5.3

2023-11-23< 3.2.8

CVE-2023-47668

CVE Patchstack WPScan

N/A

2023-11-06< 3.2.8

Restrict Content <= 3.2.7 - Information Exposure via legacy log file

Wordfence

N/A

2023-07-18< 3.2.5

WordPress Restrict Content Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS)

Patchstack WPScan CVE

N/A

2023-06-23< 3.2.3

Restrict Content <= 3.2.2 - Missing Authorization to Notice Dismissal

Wordfence

Medium 6.1

2023-07-17< 3.2.3

CVE-2023-3182

CVE WPScan

N/A

2023-06-26< 3.2.3

WordPress Restrict Content Plugin < 3.2.3 is vulnerable to Broken Access Control

Patchstack

N/A

2023-06-26< 3.2.3

WordPress Restrict Content Plugin < 3.2.3 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-06-23< 3.2.3

Restrict Content <= 3.2.2 - Reflected Cross-Site Scripting

Wordfence