The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.

Project Subscriptions

Vendors Products
Ultimatemember Subscribe
Ultimate Member Subscribe
Wordpress Subscribe
Wordpress Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 06 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79

Mon, 06 Jul 2026 12:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Ultimatemember
Ultimatemember ultimate Member
Wordpress
Wordpress wordpress
Vendors & Products Ultimatemember
Ultimatemember ultimate Member
Wordpress
Wordpress wordpress

Mon, 06 Jul 2026 07:30:00 +0000

Type Values Removed Values Added
Description The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated users with Subscriber-level access and above to store JavaScript that executes when any user, including an administrator, views the affected profile.
Title Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-07-06T12:02:30.806Z

Reserved: 2026-06-09T09:51:17.031Z

Link: CVE-2026-11766

cve-icon Vulnrichment

Updated: 2026-07-06T12:02:22.314Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T17:30:16Z

Weaknesses