CVE-2025-15064
The affected component is the Ultimate Member WordPress plugin. It is vulnerable in all versions up to 2.11.1 due to insufficient input sanitization and output escaping in the user description field, enabling Stored Cross-Site Scripting. Exploitation requires HTML support for user description to ...