A vulnerability was found in ultimatemember Ultimate Member Plugin up to 2.11.4 on WordPress. It has been classified as critical. The affected element is the function
get_directory_by_hash of the component AJAX Handler. Performing a manipulation results in missing authorization.
This vulnerability was named CVE-2026-7761. The attack may be initiated remotely. There is no available exploit.
