{"uuid": "2a2b8688-2026-404e-a588-1f25ccdbeb18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7761", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moziqqecbx2r", "content": "A low-level user can take over your admin.\n\nUltimate Member, the WordPress membership plugin on 200,000+ sites, can be made to leak every user's password reset link. No admin click needed this time.\n\nFix is out: update to 2.12.0. (CVE-2026-7761)", "creation_timestamp": "2026-06-24T08:29:44.379244Z"}