CVE-2026-11766
Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields
CVSS Score
8.0
EPSS Score
0.0%
EPSS Percentile
0th
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
| Vendor | unknown |
| Product | ultimate member |
| Published | Jul 6, 2026 |
| Last Updated | Jul 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown ultimate member
Be the first to know when new high vulnerabilities affecting unknown ultimate member are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Ultimate Member
0 < 2.12.0
References
Credits
Meher Sudhakar Abbireddi WPScan