{"vulnerability": "cve-2026-7761", "sightings": [{"uuid": "2a2b8688-2026-404e-a588-1f25ccdbeb18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7761", "type": "seen", "source": "https://bsky.app/profile/suriq.io/post/3moziqqecbx2r", "content": "A low-level user can take over your admin.\n\nUltimate Member, the WordPress membership plugin on 200,000+ sites, can be made to leak every user's password reset link. No admin click needed this time.\n\nFix is out: update to 2.12.0. (CVE-2026-7761)", "creation_timestamp": "2026-06-24T08:29:44.379244Z"}, {"uuid": "a9ecc3c4-9671-4ecc-a6ff-a1659c57dda9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-7761", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mozzioqcpk2s", "content": "CVE-2026-7761 - Ultimate Member\nCVE ID : CVE-2026-7761\n \n Published : June 24, 2026, 6:49 a.m. | 6\u00a0hours, 21\u00a0minutes ago\n \n Description : The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and inc...", "creation_timestamp": "2026-06-24T13:29:26.982137Z"}]}