{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14000", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T00:01:31.299Z", "datePublished": "2025-12-23T11:13:48.778Z", "dateUpdated": "2026-04-08T16:34:51.255Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:51.255Z"}, "affected": [{"vendor": "stellarwp", "product": "Membership Plugin \u2013 Restrict Content", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.15", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Membership Plugin \u2013 Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b6a84d7-9e77-4a2f-b065-872e8650e75e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L26"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L135"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/member-forms.php#L126"}, {"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/member-forms.php?old=2642097&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fmember-forms.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/shortcodes.php?old=2850120&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fshortcodes.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-12-04T00:18:41.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-22T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-23T15:23:04.311002Z", "id": "CVE-2025-14000", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-23T15:23:10.659Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14000", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-23T15:23:04.311002Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-23T15:23:07.971Z"}}], "cna": {"title": "Membership Plugin \u2013 Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "stellarwp", "product": "Membership Plugin \u2013 Restrict Content", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.2.15"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T00:18:41.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-22T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b6a84d7-9e77-4a2f-b065-872e8650e75e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L26"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L135"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/member-forms.php#L126"}, {"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/member-forms.php?old=2642097&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fmember-forms.php"}, {"url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/shortcodes.php?old=2850120&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fshortcodes.php"}], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:51.255Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14000", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:34:51.255Z", "dateReserved": "2025-12-04T00:01:31.299Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-23T11:13:48.778Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'register_form' and 'restrict' shortcodes in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-14000", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-23T12:15:44.727", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/member-forms.php#L126"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L135"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.15/core/includes/shortcodes.php#L26"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/member-forms.php?old=2642097&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fmember-forms.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3420370/restrict-content/trunk/core/includes/shortcodes.php?old=2850120&old_path=restrict-content%2Ftrunk%2Fcore%2Fincludes%2Fshortcodes.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b6a84d7-9e77-4a2f-b065-872e8650e75e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T16:00:43.286542+00:00", "value": {"mitigation_remediation": ["Upgrade the Membership Plugin \u2013 Restrict Content to a version newer than 3.2.15 where the stored XSS issue is fixed.", "If an upgrade cannot be applied immediately, disable or remove the use of the vulnerable 'register_form' and 'restrict' shortcodes until the plugin is updated.", "Apply generic template or page content sanitization or a dedicated XSS protection plugin to escape all attributes added via shortcodes, reducing the risk of script execution."], "summary": {"action": "Patch Immediately", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "StellarWP\u2019s Membership Plugin \u2013 Restrict Content up to and including version 3.2.15 is affected. All installations where contributors or higher can edit content or add shortcodes are susceptible.", "description_and_impact": "The Membership Plugin \u2013 Restrict Content plugin permits authenticated users with contributor level or higher to insert arbitrary JavaScript into page content by manipulating the 'register_form' and 'restrict' shortcodes. This stored XSS flaw allows the attacker to embed malicious code that executes whenever a user views the affected page, potentially leading to credential theft, session hijacking, or defacement of the site. The vulnerability arises from insufficient input sanitization and output escaping on user\u2011supplied attributes. Attackers cannot exploit it from an unauthenticated state; they must already have contribution privileges to manipulate the shortcodes.", "risk_and_exploitability": "The CVSS score of 6.4 indicates moderate severity, while an EPSS score of less than 1% suggests a low likelihood of exploitation currently. The vulnerability is not listed in the CISA KEV catalog. Attackers with contributor access can embed malicious scripts via the vulnerable shortcodes; no additional exploitation prerequisites are noted beyond authenticated contributor privileges. The impact is confined to users who load the page containing the injected code. The most likely attack vector involves content editors injecting malicious attributes into shortcodes that are then rendered on public pages."}}}}, "created": "2025-12-23T22:39:43.328798+00:00", "updated": "2026-04-22T16:15:21.785383+00:00", "vendors": ["stellarwp", "stellarwp$PRODUCT$membership_plugin_-_restrict_content", "wordpress", "wordpress$PRODUCT$wordpress"]}