Login Sign Up

CVE-2025-14000

6.4 MEDIUM
Cross-Site Scripting

📋 TL;DR

This vulnerability allows authenticated WordPress users with contributor-level access or higher to inject malicious scripts into pages using the Membership Plugin's shortcodes. The scripts execute whenever users visit the compromised pages, enabling session hijacking, credential theft, or website defacement. All WordPress sites using vulnerable versions of the Restrict Content plugin are affected.

💻 Affected Systems

Products:
  • Membership Plugin – Restrict Content for WordPress
Versions: All versions up to and including 3.2.15
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled. Contributor-level or higher user accounts are needed for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain administrative access, steal sensitive user data, install backdoors, or completely compromise the WordPress site and potentially the underlying server.

🟠

Likely Case

Attackers deface pages, steal user session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users.

🟢

If Mitigated

Limited to low-privilege user account compromise if proper input validation and output escaping are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is technically simple once an attacker has contributor-level credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.2.16 or later

Vendor Advisory: https://plugins.trac.wordpress.org/browser/restrict-content

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Restrict Content' plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 3.2.16+ from WordPress.org and manually replace plugin files.

🔧 Temporary Workarounds

Disable vulnerable shortcodes

all

Remove or disable the 'register_form' and 'restrict' shortcodes from all posts/pages

Restrict user roles

all

Temporarily remove contributor-level posting capabilities from untrusted users

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block XSS payloads in shortcode attributes
  • Apply Content Security Policy (CSP) headers to restrict script execution sources

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Restrict Content version 3.2.15 or earlier

Check Version:

wp plugin list --name=restrict-content --field=version (if WP-CLI installed)

Verify Fix Applied:

Confirm plugin version is 3.2.16 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual shortcode usage in post/page edits
  • Multiple failed login attempts followed by successful contributor-level login

Network Indicators:

  • Script tags in shortcode parameters in HTTP requests
  • Unexpected external script loads from WordPress pages

SIEM Query:

source="wordpress.log" AND ("register_form" OR "restrict") AND ("script" OR "onerror" OR "javascript:")

📊 Metadata

CVE ID: CVE-2025-14000
CVSS v3 Score: 6.4 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE: CWE-79
EPSS Score: 0.05% exploit probability (14.2th percentile)
Published: December 23, 2025
Last Updated: December 23, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14000, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)