CVE-2026-1404 | Ultimate Member Plugin up to 2.11.1 on WordPress Filter filter_first_name cross site scripting

07:09 - 18 Feb 2026

A vulnerability has been found in Ultimate Member Plugin up to 2.11.1 on WordPress and classified as problematic. This affects the function filter_first_name of the component Filter Handler. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2026-1404. The attack is possible to be carried out remotely. No exploit exists.