CVE-2026-4136
Unvalidated Redirect in Membership Plugin – Restrict Content WordPress
Publication date: 2026-03-20
Last updated on: 2026-03-20
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| restrict_content_pro | restrict_content_pro | up to and including 3.2.24 |
| restrict_content_pro | restrict_content_pro | 3.2.25 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Membership Plugin – Restrict Content Pro for WordPress is an Unvalidated Redirect issue present in all versions up to and including 3.2.24. It occurs because the plugin does not properly validate the redirect URL provided via the 'rcp_redirect' parameter.
This flaw allows unauthenticated attackers to craft password reset emails that redirect users to potentially malicious websites if the users are tricked into performing certain actions.
How can this vulnerability impact me?
This vulnerability can impact you by enabling attackers to redirect users to malicious sites through password reset emails. If users follow these redirects, they may be exposed to phishing attacks, malware, or other harmful content.
Because the redirect URL is not properly validated, attackers can exploit this to deceive users into visiting unsafe locations, potentially compromising user security and trust.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unvalidated redirects via the 'rcp_redirect' parameter in the Restrict Content Pro WordPress plugin up to version 3.2.24. Detection can focus on identifying HTTP requests containing this parameter with potentially malicious redirect URLs.

To detect exploitation attempts on your network or system, you can monitor web server logs or use command-line tools to search for requests containing the 'rcp_redirect' parameter.

- Use grep or similar tools on your web server access logs to find requests with 'rcp_redirect': `grep -i 'rcp_redirect=' /var/log/apache2/access.log`
- Use curl or wget to test if the plugin version is vulnerable by sending crafted POST requests with the 'rcp_redirect' parameter and observing if redirects to external URLs occur.
- Monitor for password reset emails or flows that include redirect URLs pointing to external or suspicious domains, which may indicate exploitation. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Restrict Content Pro plugin to version 3.2.25 or later, where the vulnerability has been fixed by improving validation and sanitization of redirect URLs.

- Upgrade the plugin from version 3.2.24 or earlier to 3.2.25 or newer.
- Ensure that all redirects use WordPress's safe redirect functions such as wp_safe_redirect() and that redirect URLs are validated with wp_validate_redirect().
- If immediate upgrade is not possible, consider disabling password reset or login redirect features temporarily to reduce risk.
- Monitor user activity and password reset flows for suspicious redirects or unauthorized actions. [2]
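The detection answer above suggests grepping access logs for 'rcp_redirect=', and the mitigation answer describes allow-list validation of the redirect target. The following Python script is an added example that is not part of this CVE record, the Wordfence advisory, or the Restrict Content Pro plugin: it implements a same-host redirect check of the kind wp_validate_redirect() is meant to provide (the logic here is a generic reimplementation of that intent, not WordPress's code), and then runs that check over constructed Apache-style access-log lines so that only requests whose 'rcp_redirect' value would leave the site are reported. The site host `shop.example`, the log lines and the client addresses are all assumed sample values.

```python
"""Flag access-log requests whose rcp_redirect parameter points off-site.

Added example; the validator mirrors the intent of an allow-list redirect
check (as wp_validate_redirect() does in WordPress) but is not its code.
"""
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Assumption: the WordPress site's own host name (not taken from the CVE record).
SITE_HOST = "shop.example"

# Constructed sample access-log lines in Apache combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "GET /wp-login.php?action=lostpassword&rcp_redirect=/account HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Mar/2026:10:00:02 +0000] "POST /?rcp_redirect=https%3A%2F%2Fshop.example%2Faccount HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [20/Mar/2026:10:00:03 +0000] "POST /?rcp_redirect=https%3A%2F%2Fevil.example%2Freset HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.8 - - [20/Mar/2026:10:00:04 +0000] "GET /?rcp_redirect=%2F%2Fevil.example%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.4 - - [20/Mar/2026:10:00:05 +0000] "GET /members/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Matches the quoted request line: method, request target, protocol version.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_local_redirect(location: str, site_host: str) -> bool:
    """Return True only if `location` stays on `site_host`.

    Protocol-relative URLs (//host), backslash variants (/\\host), user-info
    tricks (https://site@host) and non-http schemes are all rejected.
    """
    # Browsers treat "/\\host" like "//host", so normalise before parsing.
    parts = urlsplit(location.replace("\\", "/"))
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, ftp: ... are never a local page
    if parts.scheme and not parts.netloc:
        return False  # "https:evil.example" style ambiguity; treat as off-site
    if not parts.netloc:
        return True  # plain relative path such as /account
    host = parts.hostname or ""  # hostname strips user-info and port
    return host.lower() == site_host.lower()


def redirect_targets(request_target: str) -> List[str]:
    """Extract every rcp_redirect value from a request target's query string."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("rcp_redirect", [])


def scan_log(log_text: str, site_host: str) -> List[Dict[str, str]]:
    """Return one finding per request whose rcp_redirect would leave site_host."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        for target in redirect_targets(match.group("target")):
            if not is_local_redirect(target, site_host):
                findings.append({
                    "client_ip": client_ip,
                    "method": match.group("method"),
                    "request": match.group("target"),
                    "rcp_redirect": target,
                })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG, SITE_HOST):
        print(f"{finding['client_ip']} {finding['method']} {finding['request']}"
              f" -> off-site redirect {finding['rcp_redirect']}")
```

Two caveats for anyone running this against real logs: access logs record only the query string, so an 'rcp_redirect' sent in a POST body will not appear there and needs request-body logging or a WAF to catch; and the script decodes the parameter once, exactly as the application would, so a request that is flagged here is one the plugin itself would have had to reject with an allow-list check like the one above.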