Serhack

**Name of the Vulnerable Software and Affected Versions** Ultimate Member - User Profile & Membership plugin versions prior to 2.0.28 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `Primary button Text` or `Second button text` field, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For Ultimate Member - User Profile & Membership plugin versions prior to 2.0.28, update to version 2.0.28 or later to resolve the issue.