CVE-2026-4136

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270
https://plugins.trac.wordpress.org/changeset/3486071/restrict-content
https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-20 04:16

Updated : 2026-03-20 13:37

NVD link : CVE-2026-4136

Mitre link : CVE-2026-4136

CVE.ORG link : CVE-2026-4136

JSON object : View

Products Affected

No product.

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

{"id": "CVE-2026-4136", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-03-20T04:16:50.517", "references": [{"url": "https://plugins.trac.wordpress.org/browser/restrict-content/tags/3.2.24/core/includes/login-functions.php#L270", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3486071/restrict-content", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4cf42d3-9864-440b-8357-36c82cbef28f?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-640"}]}], "descriptions": [{"lang": "en", "value": "The Membership Plugin \u2013 Restrict Content plugin for WordPress is vulnerable to Unvalidated Redirect in all versions up to, and including, 3.2.24. This is due to insufficient validation on the redirect url supplied via the 'rcp_redirect' parameter. This makes it possible for unauthenticated attackers to redirect users with the password reset email to potentially malicious sites if they can successfully trick them into performing an action."}, {"lang": "es", "value": "El plugin Membership Plugin \u2013 Restrict Content para WordPress es vulnerable a Redirecci\u00f3n no validada en todas las versiones hasta la 3.2.24, inclusive. Esto se debe a una validaci\u00f3n insuficiente en la URL de redirecci\u00f3n suministrada a trav\u00e9s del par\u00e1metro 'rcp_redirect'. Esto permite a los atacantes no autenticados redirigir a los usuarios con el correo electr\u00f3nico de restablecimiento de contrase\u00f1a a sitios potencialmente maliciosos si logran enga\u00f1arlos para que realicen una acci\u00f3n."}], "lastModified": "2026-03-20T13:37:50.737", "sourceIdentifier": "security@wordfence.com"}