Back to overview

CVE-2026-11766

HIGH
8.0
CVSS 3.1
Description
The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.

Metadata

CVE ID
CVE-2026-11766
State
PUBLISHED
Assigner
WPScan
Reserved
2026-06-09 09:51 UTC
Published
2026-07-06 06:00 UTC
Last updated
2026-07-06 12:02 UTC
Vendor / Product
Unknown / Ultimate Member
Sources
cve.org  ·  NVD

Severity & Metrics

8.0 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Unknown Ultimate Member 0 < 2.12.0
Weakness (CWE)
CWESourceDescription
cna CWE-79 Cross-Site Scripting (XSS)
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.0 HIGH 3.1 adp CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Back to overview