CVE-2026-22523

Name of the Vulnerable Software and Affected Versions themepassion Ultra WordPress Admin versions n/a through 11.7

Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a reflected cross-site scripting issue. This allows an attacker to inject malicious scripts into web pages viewed by other users. The vulnerable component is the ultra-admin functionality.

Recommendations Versions prior to 11.7 should be updated.