Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS
Description
The Membership WordPress plugin before 3.2.3 is vulnerable to Reflected XSS, allowing high-privilege users like admins to be targeted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Membership WordPress plugin before version 3.2.3 fails to sanitize and escape a parameter before outputting it back in the page. This leads to a Reflected Cross-Site Scripting (XSS) vulnerability. Affected versions are all prior to 3.2.3.
Exploitation
An attacker can craft a malicious URL containing the unsanitized parameter and trick a high-privilege user, such as an administrator, into clicking it. No authentication is required to deliver the payload, but user interaction (clicking the link) is needed.
Impact
Successful exploitation allows the attacker to inject arbitrary JavaScript into the target's browser session. This can lead to session hijacking, defacement, or actions performed on behalf of the victim. Because high-privilege users are targeted, the impact can be severe, potentially granting the attacker administrative control.
Mitigation
The vulnerability is fixed in version 3.2.3, released on 2023-06-26 [1]. Users should update the plugin to 3.2.3 or later. No other workarounds are documented for this specific issue.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <3.2.3
Patches
No patches discovered yet.
References
[1] wpscan.com/vulnerability/655a68ee-9447-41ca-899e-986a419fb7ed (tags: mitre, exploit, vdb-entry, technical-description)