Description
core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable.
Remediation
References
Related Vulnerabilities
WordPress Plugin Dropbox Folder Share Local File Inclusion (1.9.7)
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)
WebLogic CVE-2016-5488 Vulnerability (CVE-2016-5488)
WordPress Plugin Gallery-Responsive Photo and Video Gallery by Limb Cross-Site Scripting (1.3.2)
Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844)