A vulnerability, which was classified as problematic, has been found in ultimatemember Ultimate Member Plugin up to 2.11.4 on WordPress. This impacts an unknown function of the component Registration Handler. The manipulation of the argument about_me leads to cross site scripting.

This vulnerability is referenced as CVE-2026-8489. Remote exploitation of the attack is possible. No exploit is available.