{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4136", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-03-13T14:50:43.889Z", "datePublished": "2026-03-20T03:37:02.684Z", "dateUpdated": "2026-04-08T17:29:42.603Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:42.603Z"}, "affected": [{"vendor": "stellarwp", "product": "Membership Plugin \u2013 Restrict Content", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.24", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."}], "title": "Membership Plugin \u2013 Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270"}, {"url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password", "cweId": "CWE-640", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Supakiad S."}], "timeline": [{"time": "2026-03-13T15:06:37.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-19T14:37:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-20T14:09:43.372951Z", "id": "CVE-2026-4136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:09:53.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-20T14:09:43.372951Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T14:09:33.506Z"}}], "cna": {"title": "Membership Plugin \u2013 Restrict Content <= 3.2.24 - Unvalidated Redirect in Password Reset Flow via rcp_redirect", "credits": [{"lang": "en", "type": "finder", "value": "Supakiad S."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "stellarwp", "product": "Membership Plugin \u2013 Restrict Content", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.2.24"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-03-13T15:06:37.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-19T14:37:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270"}, {"url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content"}], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-640", "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:42.603Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4136", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:29:42.603Z", "dateReserved": "2026-03-13T14:50:43.889Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-20T03:37:02.684Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."}, {"lang": "es", "value": "El plugin Membership Plugin \u2013 Restrict Content para WordPress es vulnerable a Redirecci\u00f3n no validada en todas las versiones hasta la 3.2.24, inclusive. Esto se debe a una validaci\u00f3n insuficiente en la URL de redirecci\u00f3n suministrada a trav\u00e9s del par\u00e1metro 'rcp_redirect'. Esto permite a los atacantes no autenticados redirigir a los usuarios con el correo electr\u00f3nico de restablecimiento de contrase\u00f1a a sitios potencialmente maliciosos si logran enga\u00f1arlos para que realicen una acci\u00f3n."}], "id": "CVE-2026-4136", "lastModified": "2026-04-22T21:32:08.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-20T04:16:50.517", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.2.24]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Membership Plugin \u2013 Restrict Content", "source": "cna", "vendor": "stellarwp"}, "product": "membership_plugin_-_restrict_content", "vendor": "stellarwp"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-20T05:23:36.662812+00:00", "value": {"mitigation_remediation": ["Apply the latest version of the Restrict Content plugin (v3.2.25 or newer) to remove the unvalidated redirect flaw.", "If an immediate upgrade is not possible, block or sanitize the rcp_redirect query parameter so it only accepts trusted URLs.", "Disable automatic sending of password reset emails if they are not needed, or enforce email verification to reduce the attack surface.", "Monitor user accounts for unusual sign\u2011ins or repeated reset requests that may indicate exploitation."], "summary": {"action": "Patch", "impact": "Unvalidated Redirect for Phishing"}, "threat_synthesis": {"affected_systems": "All installations of the Restrict Content membership plugin version 3.2.24 and earlier, maintained by StellarWP, are affected. The CNAs list the product as StellarWP:Membership Plugin \u2013 Restrict Content, with every prior release vulnerable to this flaw.", "description_and_impact": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to an unvalidated redirect in the password reset process. The plugin fails to properly validate the rcp_redirect parameter, allowing an unauthenticated attacker to embed a malicious URL in the password reset email. If the user follows the link, they are redirected to the attacker\u2019s site, enabling credential harvesting or other social\u2011engineering attacks. The weakness is classified as CWE\u2011640.", "risk_and_exploitability": "The CVSS score is 4.3, indicating moderate severity. No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a phishing scenario where an attacker sends a password\u2011reset email containing a malicious redirect link. Since the redirect is not constrained, exploitation requires only convincing the user to click the link, making the risk moderate to high for sites that use the password\u2011reset feature."}}}}, "created": "2026-03-20T08:52:47.659157+00:00", "updated": "2026-03-20T10:37:29.305123+00:00", "vendors": ["stellarwp", "stellarwp$PRODUCT$membership_plugin_-_restrict_content", "wordpress", "wordpress$PRODUCT$wordpress"]}