This is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is.
Post
Pulse WP
pulse-wp.com
did:plc:m7puovzqhxurz66hip2xwfs6
Your admins get pwned. Subscriber uploads malicious JS to their profile. CVE-2026-11766 (CVSS 8). Ultimate Member before 2.12.0 doesn't escape textarea fields. No patch yet. Disable the plugin now.
Scan your WordPress site: pulse-wp.com
#WordPress #CVE #CyberSecurity
2026-07-07T00:00:19.526Z