A vulnerability was found in ultimatemember Ultimate Member Plugin up to 2.11.4 on WordPress. It has been classified as critical . The affected element is the function get_directory_by_hash of the component AJAX Handler . Performing a manipulation results in missing authorization. This vulnerability was named CVE-2026-7761 . The attack may be initiated remotely. There is no available exploit.