CVE-2026-11766
The CVE describes a Stored XSS in the Ultimate Member WordPress plugin prior to version 2.12.0. The vulnerability arises because the value of custom textarea profile fields is not properly sanitised or escaped before being output on user profiles. This enables authenticated users with Subscriber-...