CVE-2026-11766 - Ultimate Member < 2.12.0 - Subscriber+ Stored XSS via Custom Textarea Profile Fields
CVE ID :CVE-2026-11766 Published : July 6, 2026, 8:16 a.m. | 6 hours, 58 minutes ago Description :The Ultimate Member WordPress plugin before 2.12.0 does not properly sanitise and escape the value of custom textarea profile fields before outputting it on user profiles, allowing authenticated...