VYPR
Unrated severity · NVD Advisory · Published Jan 26, 2025 · Updated Apr 8, 2026

Membership Plugin – Restrict Content <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure

CVE-2024-11090

Description

The Restrict Content plugin for WordPress up to version 3.2.13 exposes restricted post data via the search feature, allowing unauthenticated attackers to extract sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Membership Plugin – Restrict Content (now Kadence Memberships) for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13. The vulnerability occurs because the WordPress core search feature does not properly respect content restrictions, allowing restricted posts to appear in search results for unauthenticated users [1].

Exploitation

An unauthenticated attacker can exploit this vulnerability by performing a search query on a WordPress site using the Restrict Content plugin. The search results may include posts that are restricted to higher-level roles such as administrator, thereby revealing sensitive data without any authentication or user interaction [1].

Impact

Successful exploitation leads to the disclosure of restricted content, including posts that are intended only for administrators. This can result in the exposure of sensitive information that may compromise the site's confidentiality. The attacker gains unauthorized read access to restricted posts [1].

Mitigation

The vulnerability is fixed in version 4.0.0 of the plugin (now called Kadence Memberships). Users of the older Restrict Content plugin should update to the latest version immediately. No workarounds have been provided for unfixed versions [1].
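
An added example, not part of the advisory or the plugin's code: a Python check that reads the `Version:` field from a plugin main file's header comment and classifies it against the version bounds stated above. The sample headers are constructed, and the `check-vendor` result for versions between 3.2.13 and 4.0.0 is an assumption made because this page does not say how such versions are affected.

```python
import re

LAST_AFFECTED = (3, 2, 13)  # advisory: all versions up to and including 3.2.13
FIRST_FIXED = (4, 0, 0)     # advisory: fixed in 4.0.0

def parse_version(text):
    """Turn '3.2.9' into (3, 2, 9), padded to three parts; None if not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def header_version(php_source):
    """Read the 'Version:' field from a WordPress plugin header comment.
    Only the first 8 KiB is scanned, as WordPress does when reading headers."""
    m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", php_source[:8192],
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def classify(php_source):
    """Return 'affected', 'fixed', 'check-vendor' or 'unknown' for one plugin file."""
    raw = header_version(php_source)
    version = parse_version(raw) if raw else None
    if version is None:
        return "unknown"        # no header, or a non-numeric tag such as a beta suffix
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_FIXED:
        return "fixed"
    return "check-vendor"       # assumption: the page gives no status for this range

# Constructed sample headers, not copied from the real plugin.
SAMPLE_OLD = """<?php
/**
 * Plugin Name: Restrict Content
 * Version: 3.2.13
 */
"""
SAMPLE_NEW = """<?php
/**
 * Plugin Name: Kadence Memberships
 * Version: 4.0.0
 */
"""

if __name__ == "__main__":
    for label, src in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(label, classify(src))
```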

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

1

References

2
