Description
WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Ultimate Member-User Profile, User Registration, Login & Membership version 1.3.64 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.65 or latest
References
Related Vulnerabilities
WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (0.9.1)
WordPress Plugin Html5 Audio Player-Audio Player for WordPress Cross-Site Scripting (2.1.2)
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.3)
WordPress Plugin Yet Another bol.com Cross-Site Scripting (1.4)
WordPress Plugin YITH WooCommerce Ajax Search Unspecified Vulnerability (1.2.7)