From www.zdnet.com
Critical privilege escalation vulnerabilities have been patched in the popular WordPress plugin Ultimate Member.
Accounting for over 100,000 active installations on websites that use the WordPress content management system (CMS), Ultimate Member allows webmasters to offer membership, sign-ups, and member profile functionality.