Name of the Vulnerable Software and Affected Versions:

User Registration & Membership plugin for WordPress version 4.3.0

Description:

The User Registration & Membership plugin for WordPress is susceptible to SQL Injection via the `s` parameter. This is due to insufficient escaping of user-supplied input and inadequate preparation of existing SQL queries. This allows authenticated attackers with administrator-level access or higher to append additional SQL queries to existing ones, potentially extracting sensitive information from the database.

Recommendations:

Update to a newer version that contains a fix for this issue.