
Nikitasinelnikov

#36294 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2022-24984
7.5
2022-11-13
WordPress · Ultimate Member Plugin · CVE-2022-3966
**Name of the Vulnerable Software and Affected Versions**

Ultimate Member Plugin versions up to 2.5.0

**Description**

A critical issue has been found in the Template Handler component, specifically affecting the `load_template` function of the file `includes/core/class-shortcodes.php`. Manipulation of the `tpl` argument leads to pathname traversal. The issue can be triggered remotely.

**Recommendations**

For Ultimate Member Plugin versions up to 2.5.0, upgrade to version 2.5.1 to address this issue. As a temporary workaround, consider restricting access to the `load_template` function of the `class-shortcodes.php` file until the upgrade is applied.