CVE-2018-6944

Name of the Vulnerable Software and Affected Versions UltimateMember plugin version 2.0

Description The issue arises from a cross-site scripting vulnerability in the core/lib/upload/um-file-upload.php file of the UltimateMember plugin. This vulnerability occurs because the plugin fails to properly sanitize user input passed to the $temp variable.

Recommendations For UltimateMember plugin version 2.0, ensure that user input passed to the $temp variable is properly sanitized to prevent cross-site scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.