The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
History

Mon, 06 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Ultimatemember
Ultimatemember ultimate Member
Wordpress
Wordpress wordpress
Vendors & Products Ultimatemember
Ultimatemember ultimate Member
Wordpress
Wordpress wordpress

Mon, 06 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Description The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
Title Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-07-06T06:00:01.483Z

Reserved: 2026-06-09T09:51:17.031Z

Link: CVE-2026-11766

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T08:30:04Z