WordPress - Membership Plugin – Restrict Content - HIGH - CVE-2025-14844. The Membership Plugin – Restrict Content for WordPress has a vulnerability that allows unauthorized users to access sensitive client_secret values from Stripe SetupIntents. This exploit arises from the absence of a capability check in the 'rcp_stripe_create_setup_intent_for_saved_card' function, coupled with the failure to validate a user-controlled key. Consequently, unauthenticated attackers have the potential to leak sensitive membership-related data, presenting a serious risk for all installations of the plugin up to version 3.2.16.