CVE-2025-14000
Stored XSS in Membership Plugin Restrict Content Shortcodes
Publication date: 2025-12-23
Last updated on: 2025-12-23
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | membership_plugin | 3.2.15 |
| wordpress | restrict_content | 3.2.15 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the Membership Plugin β Restrict Content plugin for WordPress, affecting all versions up to and including 3.2.15. It occurs because the plugin does not properly sanitize and escape user-supplied attributes in its 'register_form' and 'restrict' shortcodes. As a result, authenticated users with contributor-level access or higher can inject malicious scripts into pages. These scripts execute whenever any user accesses the infected page, potentially compromising site security. [5, 3]
How can this vulnerability impact me? :
This vulnerability can allow attackers with contributor-level access or above to inject arbitrary malicious scripts into the website's pages. When other users visit these pages, the malicious scripts execute in their browsers, potentially leading to theft of sensitive information, session hijacking, defacement, or further exploitation of the site. This undermines the security and trustworthiness of the website and can lead to data breaches or unauthorized actions performed on behalf of users. [5, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting WordPress sites using the Membership Plugin β Restrict Content plugin versions up to 3.2.15 for the presence of the vulnerable shortcodes 'register_form' and 'restrict' that do not properly sanitize or escape user-supplied attributes. Detection can involve reviewing the plugin version installed and scanning for pages or posts that include these shortcodes with suspicious or unexpected script content in their attributes. Since the vulnerability involves stored Cross-Site Scripting (XSS) via shortcode attributes, commands or tools that scan for XSS payloads in shortcode attributes or that enumerate plugin versions can be used. For example, using WP-CLI to check the plugin version: `wp plugin get restrict-content --field=version` to confirm if the version is vulnerable. Additionally, searching the WordPress database for shortcode usage with suspicious script tags could help detect exploitation. However, no specific commands are provided in the resources. [1, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Restrict Content Pro plugin to a version that includes the security fixes for CVE-2025-14000. The vulnerability is addressed by enhancing input sanitization and output escaping in the plugin's shortcode and registration form code, as shown in the changes that sanitize attributes with functions like `sanitize_text_field()` and `wp_kses_post()`. If an immediate update is not possible, temporarily disabling the vulnerable shortcodes or restricting contributor-level users from adding or editing content with these shortcodes can reduce risk. Applying patches that sanitize output in files such as `shortcodes.php` and `member-forms.php` (as per the changesets) will also mitigate the vulnerability. Monitoring and restricting user roles to prevent unauthorized script injection is recommended until the plugin is updated. [3, 5]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.